denial of service problem in Mailman 2.1.5

on 18.04.2005 02:57:43 by Mark Crispin

If your site uses Mailman 2.1.5 as a mailing list processor and uses
digests, be aware that there is a denial of service problem which, by
sending a mailing list a properly-crafted message, will cause that mailing
list's digest to fail and also stop processing of digests for subsequent
mailing lists. This problem will persist until the offending message is
removed from the mailman digest queue.

The problem is triggered by sending a message with an attachment that has
an RFC 2231 encoded parameter describing a filename using a charset that
is unknown to the Python system. At UW, we regularly see "X-UNKNOWN",
"Veranda" (a font name, not a charset), and "ISO-5589-1" (misspelling of
ISO-8859-1).

When the digest processor is run, it eventually gets to save_attachment in
Mailman/Handlers/Scrubber.py, which in turn sends you to get_filename()
in email/Message.py (not to be confused with Mailman/Message.py). That
routine calls unicode() without any error trap, and the bogus charset as
the second ("encoding") argument.

Passing "ignore" as the third (errors) parameter to unicode() doesn't stop
Python from raising the trap; you have to have an actual trap handler.
The offending code line is:
    return unicode(newvalue[2], newvalue[0] or 'us-ascii')

There are numerous unicode() calls throughout Python, so there may be
other places which are also vulnerable to this attack. We have not seen
any evidence of non-digest delivery being impacted by this problem.

-- Mark --

http://staff.washington.edu/mrc
Science does not emerge from voting, party politics, or public debate.
Si vis pacem, para bellum.
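
The behaviour described in the message above, next to a decode with an actual trap handler, as an added example that is not part of the original post or of Mailman's code. It assumes Python 3, where str(bytes, charset, errors) stands in for Python 2's unicode(); the helper names are hypothetical and the parameter values are constructed from the charset names quoted in the post.

```python
# Added example: unknown charset in an RFC 2231 parameter, untrapped vs. trapped.
from urllib.parse import unquote_to_bytes

# Constructed extended parameter values: charset'language'percent-encoded-text
SAMPLES = [
    "X-UNKNOWN''report%20final.txt",
    "Veranda''notes.doc",
    "ISO-5589-1''r%E9sum%E9.pdf",
    "ISO-8859-1''r%E9sum%E9.pdf",   # a charset Python does know
]

def split_rfc2231(value):
    """Split charset'language'text and percent-decode the text to raw bytes."""
    charset, language, text = value.split("'", 2)
    return charset, language, unquote_to_bytes(text)

def unsafe_filename(value):
    """Mirrors the quoted line: decode with whatever charset the sender named.
    The errors argument only governs bad bytes, not an unknown codec name."""
    charset, _, raw = split_rfc2231(value)
    return str(raw, charset or "us-ascii", "ignore")

def safe_filename(value, fallback="us-ascii"):
    """Trap the unknown-codec error and fall back, so one message cannot
    abort the whole digest run."""
    charset, _, raw = split_rfc2231(value)
    try:
        return str(raw, charset or fallback, "replace")
    except LookupError:
        return str(raw, fallback, "replace")

def survives(func, value):
    """True if func(value) returns instead of raising LookupError."""
    try:
        func(value)
        return True
    except LookupError:
        return False

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, survives(unsafe_filename, sample), repr(safe_filename(sample)))
```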