Mailman Cross-Site Scripting and Weak Password Generation
Last updated: 21.01.2010
Date: 12.01.2005
Software: Mailman 2.x
Provided and/or discovered by
(1) Florian Weimer
(2) ZENDAS
Description:
A vulnerability and a weakness have been reported in Mailman, which can be exploited by malicious people to conduct cross-site scripting attacks and potentially brute force a user's password.
1) Input is not properly sanitised by "scripts/driver" when returning error pages. This can be exploited to execute arbitrary HTML or script code in a user's browser session in the context of a vulnerable site by tricking a user into visiting a malicious web site or into following a specially crafted link.
2) A weakness in the algorithm of the automatic password generation causes only about five million different passwords to be generated. This makes it easier to brute force automatically generated passwords.
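The following is an added illustration of the class of defect described in item 1, not code from Mailman or from the advisory authors. It contrasts an error-page renderer that interpolates a request value verbatim with one that HTML-escapes it, and includes the kind of regression check a maintainer would add. The function names and the sample request path are constructed for this example.

```python
import html

# Constructed sample input: a request path carrying an HTML fragment, standing in for
# any attacker-controlled value that an error page might echo back.
SAMPLE_BAD_PATH = '/mailman/listinfo/<script>alert(1)</script>'


def render_error_page_unsafe(path: str) -> str:
    """Vulnerable pattern: the untrusted value is placed into the HTML body verbatim,
    so any markup it contains is rendered by the browser."""
    return f"<html><body><p>Unknown resource: {path}</p></body></html>"


def render_error_page(path: str) -> str:
    """Hardened pattern: every untrusted value is HTML-escaped before interpolation.
    quote=True also escapes double and single quotes, so the value is safe inside
    attribute context as well as text context."""
    safe = html.escape(path, quote=True)
    return f"<html><body><p>Unknown resource: {safe}</p></body></html>"


def echoes_raw_input(page: str, untrusted: str) -> bool:
    """Regression check: an error page must never contain the untrusted input verbatim
    when that input carries markup characters."""
    return untrusted in page


if __name__ == "__main__":
    print(render_error_page(SAMPLE_BAD_PATH))
```

Escaping at the point of output is the fix that belongs in the application; the proxy-side URL filtering suggested under Solution 1) only reduces exposure until the code itself is corrected.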
Solution:
1) Filter malicious characters and character sequences in a proxy or firewall with URL filtering capabilities.
2) Choose a strong password for subscriptions, instead of letting Mailman generate one.
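As an added example supporting Solution 2) and the weakness in item 2, the code below is not part of Mailman or of the advisory. It puts the reported figure of about five million possible passwords next to the keyspace of a password drawn from the operating system's CSPRNG, and shows a small generator a subscriber or administrator could use instead of the automatic one. The alphabet, length and guess-rate values are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Figure from the advisory: roughly five million distinct automatically generated passwords.
REPORTED_KEYSPACE = 5_000_000

# Assumed alphabet for the replacement generator: 62 alphanumeric symbols.
ALPHABET = string.ascii_letters + string.digits


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords when each position is an independent uniform draw."""
    return alphabet_size ** length


def entropy_bits(space: int) -> float:
    """Entropy of a uniformly chosen element of a space of the given size."""
    return math.log2(space)


def seconds_to_exhaust(space: int, guesses_per_second: float) -> float:
    """Worst-case time to try every password in the space at a constant guess rate."""
    return space / guesses_per_second


def generate_password(length: int = 12, alphabet: str = ALPHABET) -> str:
    """Draw each character independently from the OS CSPRNG via the secrets module."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def meets_minimum(length: int, alphabet: str = ALPHABET, min_bits: float = 64.0) -> bool:
    """Policy check: does a password of this length and alphabet reach min_bits of entropy?"""
    return entropy_bits(keyspace(len(alphabet), length)) >= min_bits


if __name__ == "__main__":
    weak_bits = entropy_bits(REPORTED_KEYSPACE)
    strong_bits = entropy_bits(keyspace(len(ALPHABET), 12))
    print(f"reported generator: ~{weak_bits:.1f} bits")
    print(f"12-char alphanumeric: ~{strong_bits:.1f} bits")
    print("example password:", generate_password())
```

About five million possibilities is a little over 22 bits of entropy, which an online guesser limited to the web interface can still work through in hours; a 12-character alphanumeric password drawn uniformly gives over 70 bits, which moves the same search far beyond practical reach.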