GNU Mailman Unspecified Privilege Escalation Vulnerability

Vulnerability Cause
Design error
Severity

 
Affected Systems
GNU Mailman 2.0.4
GNU Mailman 2.0.2
 
Unaffected Systems
 
Impact
A local attacker can exploit the vulnerability to gain elevated privileges or damage the system.
 
Conditions Required for Attack
The attacker must have access to GNU Mailman.
 
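Vulnerability Information
GNU Mailman is an application for managing mailing lists.
GNU Mailman contains an unspecified security vulnerability that allows a local attacker to gain elevated privileges or damage the system.
No detailed information about the vulnerability is currently available.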
 
Test Method
 
Vendor Solution
Debian users can refer to the following upgrade packages:
Debian Linux 4.0 amd64
Debian maildrop_2.0.2-11+etch1_amd64.deb
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.2-11+etch1_amd64.deb
Debian Linux 4.0 ia-32
Debian maildrop_2.0.2-11+etch1_i386.deb
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.2-11+etch1_i386.deb
Debian Linux 4.0 arm
Debian maildrop_2.0.2-11+etch1_arm.deb
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.2-11+etch1_arm.deb
Debian Linux 5.0 hppa
Debian maildrop_2.0.4-3+lenny1_hppa.deb
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.4-3+lenny1_hppa.deb
Debian Linux 5.0 ia-64
Debian maildrop_2.0.4-3+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.4-3+lenny1_ia64.deb
Debian Linux 4.0 hppa
Debian maildrop_2.0.2-11+etch1_hppa.deb
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.2-11+etch1_hppa.deb
Debian Linux 4.0 s/390
Debian maildrop_2.0.2-11+etch1_s390.deb
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.2-11+etch1_s390.deb
Debian Linux 5.0 arm
Debian maildrop_2.0.4-3+lenny1_arm.deb
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.4-3+lenny1_arm.deb
Debian Linux 4.0 powerpc
Debian maildrop_2.0.2-11+etch1_powerpc.deb
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.2-11+etch1_powerpc.deb
Debian Linux 4.0 alpha
Debian maildrop_2.0.2-11+etch1_alpha.deb
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.2-11+etch1_alpha.deb
Debian Linux 5.0 armel
Debian maildrop_2.0.4-3+lenny1_armel.deb
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.4-3+lenny1_armel.deb
Debian Linux 4.0 mipsel
Debian maildrop_2.0.2-11+etch1_mipsel.deb
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.2-11+etch1_mipsel.deb
Debian Linux 5.0 amd64
Debian maildrop_2.0.4-3+lenny1_amd64.deb
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.4-3+lenny1_amd64.deb
Debian Linux 5.0 alpha
Debian maildrop_2.0.4-3+lenny1_alpha.deb
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.4-3+lenny1_alpha.deb
Debian Linux 5.0 ia-32
Debian maildrop_2.0.4-3+lenny1_i386.deb
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.4-3+lenny1_i386.deb
Debian Linux 5.0 mips
Debian maildrop_2.0.4-3+lenny1_mips.deb
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.4-3+lenny1_mips.deb
Debian Linux 5.0 s/390
Debian maildrop_2.0.4-3+lenny1_s390.deb
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.4-3+lenny1_s390.deb
Debian Linux 5.0 mipsel
Debian maildrop_2.0.4-3+lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.4-3+lenny1_mipsel.deb
Debian Linux 5.0 powerpc
Debian maildrop_2.0.4-3+lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.4-3+lenny1_powerpc.deb
Debian Linux 4.0 ia-64
Debian maildrop_2.0.2-11+etch1_ia64.deb
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.2-11+etch1_ia64.deb
 
Vulnerability Reporter
Christoph Anton Mitterer