Debian: ecartis unauthorised access to admin interface fix

    Date: 21 Oct 2004
    Category: Debian
    Posted By: LinuxSecurity Advisories
    A problem has been discovered in ecartis, a mailing-list manager, which allows an attacker in the same domain as the list admin to gain administrator privileges and alter list settings.
    
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 572-1
    http://www.debian.org/security/                             Martin Schulze
    October 21st, 2004                       http://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : ecartis
    Vulnerability  : several
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CAN-2004-0913
    
    A problem has been discovered in ecartis, a mailing-list manager,
    which allows an attacker in the same domain as the list admin to gain
    administrator privileges and alter list settings.
    
    For the stable distribution (woody) this problem has been fixed in
    version 0.129a+1.0.0-snap20020514-1.3.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 1.0.0+cvs.20030911-8.
    
    We recommend that you upgrade your ecartis package.
    
    
    Upgrade Instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    --------------------------------
    
      Source archives:
    
         http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.3.dsc
          Size/MD5 checksum:      633 3c5b01ccdb8efdd3f0b01ab1c420f0bd
         http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.3.diff.gz
          Size/MD5 checksum:    11136 deb52dba3044f51a775687dc3de435d4
         http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514.orig.tar.gz
          Size/MD5 checksum:   326215 2772a595a3fe7ea5073874113da813ec
    
      Alpha architecture:
    
         http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.3_alpha.deb
          Size/MD5 checksum:   256810 0756e2937a73c64e06a65001d7955877
         http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.3_alpha.deb
          Size/MD5 checksum:    34084 ef3ac15efae9aaa6ef01083e535d96a6
    
      ARM architecture:
    
         http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.3_arm.deb
          Size/MD5 checksum:   238590 c039d61d90f7163d0a5ae3a964fa28c6
         http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.3_arm.deb
          Size/MD5 checksum:    34256 27530fa34db9ccfce0dea27d2367a581
    
      Intel IA-32 architecture:
    
         http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.3_i386.deb
          Size/MD5 checksum:   199458 b486c027d445489c6fb27a705133e65f
         http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.3_i386.deb
          Size/MD5 checksum:    26382 1a46d1a71f53b9cbe8ce774c308e0b63
    
      Intel IA-64 architecture:
    
         http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.3_ia64.deb
          Size/MD5 checksum:   338176 f34f303a82c07e94fbc4f740615b285a
         http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.3_ia64.deb
          Size/MD5 checksum:    44402 3d96424af960b67c1eff7ed8281a28cc
    
      HP Precision architecture:
    
         http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.3_hppa.deb
          Size/MD5 checksum:   237276 86be667295c0110787c48483935304a9
         http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.3_hppa.deb
          Size/MD5 checksum:    34186 0427d04c72cd89788d7662e7ba84713b
    
      Motorola 680x0 architecture:
    
         http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.3_m68k.deb
          Size/MD5 checksum:   210846 6ef4f00bcf7eb6855dff350f4ed2d6eb
         http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.3_m68k.deb
          Size/MD5 checksum:    29470 cfdbd27c6f172a1fa75890d7bab9be26
    
      Big endian MIPS architecture:
    
         http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.3_mips.deb
          Size/MD5 checksum:   203434 37c63c68433b47af4773d9fd1620bd6d
         http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.3_mips.deb
          Size/MD5 checksum:    26454 7b1212a12d462e5d02c59e4c80fb6120
    
      Little endian MIPS architecture:
    
         http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.3_mipsel.deb
          Size/MD5 checksum:   203806 29b30b1f6a89f5f738fd6e2a25ce8e3f
         http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.3_mipsel.deb
          Size/MD5 checksum:    26660 64352b9de65a0f873aa9bf8c3759b3df
    
      PowerPC architecture:
    
         http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.3_powerpc.deb
          Size/MD5 checksum:   231174 d50df0172c5dc7c7e00e8f195d2dedc2
         http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.3_powerpc.deb
          Size/MD5 checksum:    33622 aeef33a2acbc11169f13a009fb44ca26
    
      IBM S/390 architecture:
    
         http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.3_s390.deb
          Size/MD5 checksum:   205476 c11ac6b9025f9579f5827f76521be398
         http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.3_s390.deb
          Size/MD5 checksum:    28148 800f8d66e58b75a5d3348cea3758aedd
    
      Sun Sparc architecture:
    
         http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.3_sparc.deb
          Size/MD5 checksum:   244678 41a082da574d539b8fa9df57903ef0b9
         http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.3_sparc.deb
          Size/MD5 checksum:    33772 28eadac58294fe1a73f95fb709619e27
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb  http://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
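
To check downloaded packages against the file listing above, the following added example (not part of the advisory or of Debian's tooling) parses the `Size/MD5 checksum` entries and verifies a local file against them. The sample URL, file name and file bytes in the demo are constructed.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# One listing entry: a URL line, then "Size/MD5 checksum: <bytes> <md5>".
ENTRY_RE = re.compile(
    r"^[ \t]*(?P<url>\S+://\S+)[ \t]*\n"
    r"[ \t]*Size/MD5 checksum:[ \t]+(?P<size>\d+)[ \t]+(?P<md5>[0-9a-f]{32})[ \t]*$",
    re.MULTILINE,
)

def parse_manifest(advisory_text):
    """Return {filename: (size, md5)} for every entry in the file listing."""
    manifest = {}
    for m in ENTRY_RE.finditer(advisory_text):
        manifest[m["url"].rsplit("/", 1)[-1]] = (int(m["size"]), m["md5"])
    return manifest

def verify_file(path, manifest):
    """Compare a downloaded file with its listed size and MD5: (ok, reason)."""
    path = Path(path)
    if path.name not in manifest:
        return False, "not listed in advisory"
    size, md5 = manifest[path.name]
    if path.stat().st_size != size:
        return False, "size mismatch"
    # MD5 only catches transfer corruption; it is not collision resistant.
    digest = hashlib.md5()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    if digest.hexdigest() != md5:
        return False, "MD5 mismatch"
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample: stand-in bytes and a listing in the advisory's layout.
    data = b"constructed sample package bytes\n"
    listing = ("     http://mirror.example/pool/example_1.0-1_i386.deb\n"
               f"      Size/MD5 checksum:   {len(data)} {hashlib.md5(data).hexdigest()}\n")
    manifest = parse_manifest(listing)
    with tempfile.TemporaryDirectory() as tmp:
        deb = Path(tmp) / "example_1.0-1_i386.deb"
        deb.write_bytes(data)
        print(verify_file(deb, manifest))
        deb.write_bytes(data[::-1])  # same size, different content
        print(verify_file(deb, manifest))
```

Pass the full advisory text to `parse_manifest` and run `verify_file` on each file before `dpkg -i`.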
    
    