漏洞类别:Ubuntu
漏洞等级: 
漏洞信息
It was discovered that the Mailman administrative web interface did not protect against cross-site request forgery (CSRF) attacks.
It was discovered that the Mailman user options page did not protect against cross-site request forgery (CSRF) attacks.
漏洞危害
If an authenticated user were tricked into visiting a malicious website while logged into Mailman, a remote attacker could perform administrative actions. This issue only affected Ubuntu 12.04 LTS. (CVE-2016-7123)
If an authenticated user were tricked into visiting a malicious website while logged into Mailman, a remote attacker could modify user options. (CVE-2016-6893)
解决方案
Refer to Ubuntu advisory USN-3118-1 for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-3118-1: 14.04 (Kylin) on src (mailman)
USN-3118-1: 16.10 (Yakkety) on src (mailman)
0day
文章评论