Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:3131 |
| Message | WEB-CGI mailman directory traversal attempt |
| Summary | This event is generated when an attempt is made to exploit a known vulnerability in GNU Mailman. |
| Impact | Information disclosure. |
| Detailed Information | GNU Mailman is used to manage mailing lists. It is written in Python and is available on a variety of platforms. GNU Mailman when used with webservers that do not remove extra slashes from URLs, is prone to a directory traversal attack that may allow an attacker access to sensitive files on an affected system. |
| Affected Systems | GNU Mailman in conjunction with Apache 1.3.x |
| Attack Scenarios | An attacker can supply extra slashes and dots (....///) to a URL to escape the web root and access other parts of the host filesystem. |
| Ease of Attack | Simple. Exploit software is not required. |
| Corrective Action | Apply the appropriate vendor supplied patches. |
| Additional References | |
| Rule References | cve: 2005-0202 |
--
DID:679421
--
http://www.aanval.com/