Three new CVEs in GNU Mailman 2.1.39
Three researchers discovered three critical vulnerabilities in GNU Mailman 2.1.39 (as bundled with cPanel and WHM): directory traversal, command injection and unauthenticated mailing-list creation. These flaws allow an attacker to read sensitive files, execute arbitrary commands or create spam mailing lists. Since Mailman 2.1 has been declared end of life and migration to Mailman 3 (based on Python 3) is recommended, users should upgrade as soon as possible to mitigate the risk. 2025-04-21 16:11 Author: seclists.org

oss-sec mailing list archives

From: Alan Coopersmith <alan.coopersmith () oracle com>
Date: Mon, 21 Apr 2025 09:08:33 -0700

Three new CVEs have been published for GNU Mailman 2.1.39, as bundled with cPanel
and WHM, credited to Firudin Davudzada and Musazada Aydan.

Note that upstream declared GNU Mailman 2.1 (which requires Python 2) to be
end of life back in 2020, and recommends migration to Mailman 3 (which
uses Python 3 instead):
https://mail.python.org/archives/list/mailman-announce () python org/thread/TJLEX52N2ARNOQBC2ZNYMNV5U226R5NM/


CVE-2025-43919: Directory Traversal in GNU Mailman 2.1.39 (cPanel/WHM Bundle)
Details/POC: https://github.com/0NYX-MY7H/CVE-2025-43919

   GNU Mailman 2.1.39, as bundled with cPanel and WHM, contains a critical
   directory traversal vulnerability in the /mailman/private/mailman endpoint.
   Unauthenticated attackers can exploit this flaw to read arbitrary files on
   the server, such as /etc/passwd or Mailman configuration files, due to
   insufficient input validation in the private.py CGI script.


CVE-2025-43920: Command Injection via Email Subject in GNU Mailman 2.1.39 (cPanel/WHM Bundle)
Details/POC: https://github.com/0NYX-MY7H/CVE-2025-43920

   GNU Mailman 2.1.39, as bundled with cPanel and WHM, is vulnerable to a
   critical command injection flaw that allows unauthenticated attackers
   to execute arbitrary operating system commands. The vulnerability occurs
   when an external archiver is configured using PUBLIC_EXTERNAL_ARCHIVER or
   PRIVATE_EXTERNAL_ARCHIVER in the mm_cfg.py configuration file, and the
   email subject line contains shell metacharacters that are not properly
   sanitized.


CVE-2025-43921: Unauthenticated Mailing List Creation in GNU Mailman 2.1.39 (cPanel/WHM Bundle)
Details/POC: https://github.com/0NYX-MY7H/CVE-2025-43921

   GNU Mailman 2.1.39, as bundled with cPanel and WHM, is vulnerable to an
   authentication bypass flaw that allows unauthenticated attackers to create
   mailing lists via the /mailman/create endpoint. The issue stems from missing
   access controls in the create CGI script, enabling attackers to abuse the
   mailing system for spam, phishing, or resource exhaustion.

--
        -Alan Coopersmith-                 alan.coopersmith () oracle com
         Oracle Solaris Engineering - https://blogs.oracle.com/solaris
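As an added triage example (not part of Alan's post and not Mailman's own code): the script below scans constructed web-server log lines for the two HTTP-reachable issues described above (path traversal under /mailman/private/ and POSTs to /mailman/create) and checks an mm_cfg.py excerpt for an active PUBLIC_EXTERNAL_ARCHIVER or PRIVATE_EXTERNAL_ARCHIVER setting, the stated precondition for the subject-line command injection. The log lines, the config excerpt and the IP addresses are constructed sample data.

```python
import re
from urllib.parse import unquote

# Constructed Apache-style access log lines (sample data, not from a real host).
SAMPLE_LOG = """\
203.0.113.5 - - [21/Apr/2025:09:10:01 -0700] "GET /mailman/private/mailman/../../../../etc/passwd HTTP/1.1" 200 1842
203.0.113.5 - - [21/Apr/2025:09:10:04 -0700] "GET /mailman/private/mailman/%2e%2e/%2e%2e/Mailman/mm_cfg.py HTTP/1.1" 200 3120
198.51.100.7 - - [21/Apr/2025:09:12:33 -0700] "POST /mailman/create HTTP/1.1" 200 2210
192.0.2.9 - - [21/Apr/2025:09:13:10 -0700] "GET /mailman/private/mailman/2025-April/000001.html HTTP/1.1" 200 5311
192.0.2.9 - - [21/Apr/2025:09:14:20 -0700] "GET /mailman/listinfo HTTP/1.1" 200 4012
"""

# Constructed mm_cfg.py excerpt: one archiver setting commented out, one active.
SAMPLE_CFG = """\
# PUBLIC_EXTERNAL_ARCHIVER = '/usr/local/bin/archive-mail'
PRIVATE_EXTERNAL_ARCHIVER = '/usr/local/bin/archive-mail'
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')
TRAVERSAL_RE = re.compile(r'(^|/)\.\.(/|$)')   # a bare ".." path component
ARCHIVER_RE = re.compile(r'^\s*((?:PUBLIC|PRIVATE)_EXTERNAL_ARCHIVER)\s*=\s*(.+?)\s*$', re.M)

def classify(line):
    """Return (cve, client_ip, raw_path) for a suspicious request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = m.group('path').split('?', 1)[0]
    decoded = unquote(unquote(path))   # decode twice: double-encoded ".." is common
    if decoded.startswith('/mailman/private/') and TRAVERSAL_RE.search(decoded):
        return ('CVE-2025-43919', m.group('ip'), path)
    # Every POST to the create CGI is worth review: a legitimate admin also posts
    # here, so correlate with who actually created a list before calling it abuse.
    if m.group('method') == 'POST' and decoded.rstrip('/') == '/mailman/create':
        return ('CVE-2025-43921', m.group('ip'), path)
    return None

def triage(log_text):
    """All suspicious requests in an access log, in file order."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]

def external_archivers(cfg_text):
    """Active (uncommented, non-zero) external archiver settings in mm_cfg.py."""
    return [(name, value) for name, value in ARCHIVER_RE.findall(cfg_text)
            if value not in ('0', 'None', "''", '""')]

if __name__ == '__main__':
    print(triage(SAMPLE_LOG), external_archivers(SAMPLE_CFG))
```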


Source: https://seclists.org/oss-sec/2025/q2/69