Hi, Barry Warsaw wrote:
> On Wed, 2005-02-09 at 17:00, Tokio Kikuchi wrote:
>
>> I've tested with my 1.3.29 installation and verified apache PATH_INFO
>> does convert '//' to '/'. Barry also wanted to clarify which apache
>> version/installation (combination with mailman) is vulnerable. Return
>> code of 200 doesn't mean successful exploit. You should check mailman
>> logs/error also. (If there is none, chances are it was a successful
>> exploit.)
>
> Tokio, do you do any rewrites in your 1.3.29 config file? I just have
> this gut feeling like there's some kind of rewrite rule that caused this
> slash-collapse behavior to be disabled. FWIW, python.org does not do
> rewrites and we weren't vulnerable.

I might have been confused about which server I was testing. I tested
again today and found all the 1.3 servers (on FreeBSD, Solaris, and BSD/OS)
I administer were vulnerable. (Not all have Mailman installed.) None of
them are using mod_rewrite.

--
Tokio Kikuchi, tkikuchi@ is.kochi-u.ac.jp
http://weather.is.kochi-u.ac.jp/

------------------------------------------------------
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
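The thread turns on two points: whether the web server folds a doubled slash in PATH_INFO before the CGI sees it, and that an HTTP 200 by itself proves nothing, so the probe has to look at what the CGI actually received. The script below is an added example, not code from this thread, from Mailman or from Apache. It stands up a local echo server that plays the role of "Apache plus a CGI that prints its PATH_INFO", with one handler that collapses slash runs and one that passes them through (both behaviours are simulated assumptions, not a model of any particular Apache version), and a probe that classifies a server by comparing the echoed PATH_INFO with what was sent. The mount point `/mailman/private` and the path `/listname//subdir` are constructed for the demo.

```python
"""Probe whether a server collapses '//' in PATH_INFO before the CGI sees it.

Added example, not Mailman or Apache code.  The echo server below stands in
for Apache + a CGI that prints its PATH_INFO; the two handler variants are
assumed behaviours (collapsing vs. pass-through), not a model of any real
Apache release.
"""
import http.client
import re
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Hypothetical CGI mount point chosen for the demo; real sites differ.
CGI_PREFIX = "/mailman/private"


def _make_handler(collapse: bool):
    class EchoPathInfo(BaseHTTPRequestHandler):
        def do_GET(self):
            path = self.path.split("?", 1)[0]
            path_info = path[len(CGI_PREFIX):] if path.startswith(CGI_PREFIX) else path
            if collapse:
                # Simulated server that folds runs of '/' before invoking the CGI.
                path_info = re.sub(r"/{2,}", "/", path_info)
            body = path_info.encode()
            # Always 200: the status line alone tells the tester nothing.
            self.send_response(200)
            self.send_header("Content-Type", "text/plain")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

        def log_message(self, *args):  # keep the demo output quiet
            pass

    return EchoPathInfo


def start_echo_server(collapse: bool):
    """Start a stand-in server on an ephemeral loopback port; returns (server, port)."""
    server = HTTPServer(("127.0.0.1", 0), _make_handler(collapse))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def probe_double_slash(host: str, port: int, path_info: str = "/listname//subdir") -> dict:
    """Send CGI_PREFIX + path_info and report whether '//' survived into PATH_INFO.

    The verdict is based on the echoed path, not on the status code.
    """
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("GET", CGI_PREFIX + path_info)
        resp = conn.getresponse()
        echoed = resp.read().decode()
        status = resp.status
    finally:
        conn.close()
    return {
        "status": status,
        "sent": path_info,
        "echoed": echoed,
        "collapsed": "//" not in echoed,
    }


if __name__ == "__main__":
    for collapse in (True, False):
        srv, port = start_echo_server(collapse)
        result = probe_double_slash("127.0.0.1", port)
        srv.shutdown()
        srv.server_close()
        print("simulated collapse=%s -> %r" % (collapse, result))
```

Against a real installation you would point `probe_double_slash` at the host and a CGI path that echoes PATH_INFO (or, as Tokio suggests, compare against the Mailman error log rather than the response code), since a production CGI does not print its path back. Both simulated servers answer 200 for the same request; only the echoed PATH_INFO distinguishes the one that folded the slashes.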