Messages with invalid filenames don't get archived

Debian Bug report logs - #327732
Messages with invalid filenames don't get archived

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Aliet Santiesteban Sifontes <aliet@tesla.cujae.edu.cu>

To: submit@bugs.debian.org

Subject: Dos attack to a list in mailman using sarge due to impropper handling of exception of utf8

Date: Sun, 11 Sep 2005 14:50:02 -0400

Package: mailman
Version: 2.1.5-8
Severity: |grave|

Site running several lists, it seems that a specially formed message can Dos a list 
due to impropper handling of a exception, the lists sops working, here the mailman error, all messages then
goes to shunt:


Sep 11 13:34:35 2005 (12535) Uncaught runner exception: 'utf8' codec can't decode bytes in position 1-4: invalid data
Sep 11 13:34:35 2005 (12535) Traceback (most recent call last):
 File "/usr/lib/mailman/Mailman/Queue/Runner.py", line 111, in _oneloop
   self._onefile(msg, msgdata)
 File "/usr/lib/mailman/Mailman/Queue/Runner.py", line 167, in _onefile
   keepqueued = self._dispose(mlist, msg, msgdata)
 File "/usr/lib/mailman/Mailman/Queue/IncomingRunner.py", line 130, in _dispose
   more = self._dopipeline(mlist, msg, msgdata, pipeline)
 File "/usr/lib/mailman/Mailman/Queue/IncomingRunner.py", line 153, in _dopipeline
   sys.modules[modname].process(mlist, msg, msgdata)
 File "/var/lib/mailman/Mailman/Handlers/ToDigest.py", line 91, in process
   send_digests(mlist, mboxfp)
 File "/var/lib/mailman/Mailman/Handlers/ToDigest.py", line 132, in send_digests
   send_i18n_digests(mlist, mboxfp)
 File "/var/lib/mailman/Mailman/Handlers/ToDigest.py", line 306, in send_i18n_digests
   msg = scrubber(mlist, msg)
 File "/var/lib/mailman/Mailman/Handlers/Scrubber.py", line 265, in process
   url = save_attachment(mlist, part, dir)
 File "/var/lib/mailman/Mailman/Handlers/Scrubber.py", line 361, in save_attachment
   fnext = os.path.splitext(msg.get_filename(''))[1]
 File "/usr/lib/python2.3/email/Message.py", line 731, in get_filename
   return unicode(newvalue[2], newvalue[0] or 'us-ascii')
UnicodeDecodeError: 'utf8' codec can't decode bytes in position 1-4: invalid data

Sep 11 13:34:35 2005 (12535) SHUNTING: 1126458561.9029009+2ca02ecc54d36f4e0a88a7ab17fc28736bd23635


Any ideas?

Message #10 received at 327732@bugs.debian.org (full text, mbox, reply):

From: Aliet Santiesteban Sifontes <aliet@tesla.cujae.edu.cu>

To: 327732@bugs.debian.org

Subject: Re: Bug#327732: Acknowledgement (Dos attack to a list in mailman using sarge due to impropper handling of exception of utf8)

Date: Mon, 12 Sep 2005 10:34:42 -0400

Found the problematic amil, this can make a Dos to any list:
...more email data
--TB36FDmn/VVEgNH/
Content-Type: application/msword
Content-Disposition: attachment;
       
filename*=utf-8''C%F3mo%20montar%20un%20servidor%20Samba%20PDC%20en%20una%20red%20de%20m%E1quinas%20MS%20Windows%20XP%
Content-Transfer-Encoding: base64

...more email data

Message #17 received at 327732@bugs.debian.org (full text, mbox, reply):

From: Joost van Baal <joostvb-debian-bugs-20051024-9@mdcc.cx>

To: 327732@bugs.debian.org

Subject: (possible) patch available

Date: Tue, 25 Oct 2005 00:04:34 +0200

[Message part 1 (text/plain, inline)]

Hi,

FWIW: A patch which might fix this problem is available from
http://mail.python.org/pipermail/mailman-users/2005-September/046523.html
.

This bug likely is _not_ fixed in mailman 2.1.6.

Bye,

Joost

[signature.asc (application/pgp-signature, inline)]

Message #22 received at 327732@bugs.debian.org (full text, mbox, reply):

From: Lionel Elie Mamane <lionel@mamane.lu>

To: 327732@bugs.debian.org, 326024@bugs.debian.org, 310451@bugs.debian.org

Cc: control@bugs.debian.org

Subject: Mailman bugs tags galore

Date: Sun, 13 Nov 2005 18:38:38 +0100

tags 327732 +pending security
tags 326024 +pending
tags 310451 +pending
thanks

A patch hopefully fixing this bug has been committed to the SVN
repository of the package. If it survives some yet-to-be-made testing,
it will be part of the next upload.

Yours truly,

-- 
Lionel Mamane

Message #37 received at 327732-close@bugs.debian.org (full text, mbox, reply):

From: Lionel Elie Mamane <lmamane@debian.org>

To: 327732-close@bugs.debian.org

Subject: Bug#327732: fixed in mailman 2.1.5-10

Date: Sat, 26 Nov 2005 01:32:08 -0800

Source: mailman
Source-Version: 2.1.5-10

We believe that the bug you reported is fixed in the latest version of
mailman, which is due to be installed in the Debian FTP archive:

mailman_2.1.5-10.diff.gz
  to pool/main/m/mailman/mailman_2.1.5-10.diff.gz
mailman_2.1.5-10.dsc
  to pool/main/m/mailman/mailman_2.1.5-10.dsc
mailman_2.1.5-10_sparc.deb
  to pool/main/m/mailman/mailman_2.1.5-10_sparc.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 327732@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Lionel Elie Mamane <lmamane@debian.org> (supplier of updated mailman package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Format: 1.7
Date: Sat, 26 Nov 2005 10:03:23 +0100
Source: mailman
Binary: mailman
Architecture: source sparc
Version: 2.1.5-10
Distribution: unstable
Urgency: low
Maintainer: Mailman for Debian <pkg-mailman-hackers@lists.alioth.debian.org>
Changed-By: Lionel Elie Mamane <lmamane@debian.org>
Description: 
 mailman    - Powerful, web-based mailing list manager
Closes: 244700 298842 310451 312673 313800 315358 326024 327732 332018 339582 339890 340036
Changes: 
 mailman (2.1.5-10) unstable; urgency=low
 .
   * Merge with 2.1.5-8ubuntu2:
     Python 2.4 compatibility patch in bounce handling.
   * Don't fall apart if the filename of an attachment is an invalid UTF-8
     string (closes: #327732)
   * Don't die on overflow in date handling (closes: #326024)
   * Enable error handling in HyperArch (closes: #310451)
   * Ensure list-id is always in brackets in headers (closes: #244700)
   * Admin page: don't assume subscribed emails are pure ASCII
     (closes: #315358)
   * Bump up Standards-Version to 3.6.2
   * Add vietnamese translation (closes: #312673)
   * Apply corrections to german translation (closes: #313800)
   * Adapt to the md5sum in dpkg or coreutils automatically (closes: #340036)
   * More robust parsing of /var/lib/ucf/hashfile:
     - Don't touch files of other packages that happen to have
       our file's full path as subpath.
     - Accept any number of spaces between the hash and the filename there.
   * Work around ucf bug #238730 for postfix-to-mailman.py, too.
   * Fix traceback on Danish version of options page (closes: #339582)
   * Fix the private authentication form to point to the right file
     (closes: #298842)
   * Add Swedish debconf template translation (closes: #339890)
   * Depend on any debconf-2.0 implementation instead of debconf
     specifically (closes: #332018)
   * Copyright file:
     - New FSF address
     - List the other maintainers
   * Depend on adduser, used in preinst
   * Move away from deprecated user.group syntax in chown
   * Ensure package is built with autoconf 2.5x, not autoconf 2.13
Files: 
 5b95f8fb72914b06671e9f6456a4c98f 740 mail optional mailman_2.1.5-10.dsc
 bd18d18647a42bf574838919762a7324 200228 mail optional mailman_2.1.5-10.diff.gz
 8593eb6dd20d33bb913d332d46861d3b 6620074 mail optional mailman_2.1.5-10_sparc.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iEYEAREDAAYFAkOIKvQACgkQscRzFz57S3O5qACeM6eQIR43ywNLUdfEfjW6Vigt
qmUAn33W4Yg9cATH7ZSjjHnXObSGdNfk
=oT8O
-----END PGP SIGNATURE-----

Message #42 received at 327732@bugs.debian.org (full text, mbox, reply):

From: Martin Schulze <joey@infodrom.org>

To: 327732@bugs.debian.org

Subject: CVE name

Date: Thu, 1 Jun 2006 10:18:10 +0200

This issue is assigned CVE-2005-3573.

Regards,

	Joey

-- 
If you come from outside of Finland, you live in wrong country.
	-- motd of irc.funet.fi

Please always Cc to me when replying to me on the lists.

Send a report that this bug log contains spam.