PT-2015-5888 · Gnu+5 · Gnu Mailman+5

Mark Sapiro

Published

2015-04-01

Updated

2024-06-15

CVE-2015-2775

CVSS v2.0

7.6

High

Vector

AV:N/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions GNU Mailman versions prior to 2.1.20

Description The issue allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name, when not using a static alias.

Recommendations For GNU Mailman versions prior to 2.1.20, update to version 2.1.20 or later to resolve the issue.

Exploit

Fix

RCE

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

ALT-PU-2016-1141

CESA-2015_1153

CESA-2015_1417

CVE-2015-2775

DLA-186-1

DSA-3214-1

MGASA-2015-0205

OPENSUSE-SU-2024:10215-1

RHSA-2015:1153

RHSA-2015:1417

RHSA-2015_1153

RHSA-2015_1417

SUSE-SU-2018:4296-1

SUSE-SU-2018_4296-1

SUSE-SU-2019:13924-1

SUSE-SU-2019_13924-1

USN-2558-1

Affected Products

Alt Linux

Centos

Gnu Mailman

Red Hat

Suse

Ubuntu

PT-2015-5888 · Gnu+5 · Gnu Mailman+5

CVE-2015-2775

Weakness Enumeration

Related Identifiers

Affected Products

References · 78