[Secure-testing-team] Bug#803161: mailman: /var/log/mailman/* world-readable by default, leaking sensitive list information

[Dominik George]

Package: mailman
Version: 1:2.1.18-2
Severity: critical
Tags: security
Justification: root security hole

The log files of mailman, residing in /var/lib/mailman/log and in
/var/log/mailman, and the log directory itself are created
world-readable by default. This discloses sensitive information about
list users, for example e-mail addresses and full names in the subscribe
log, to all unprivileged system users that have shell or filesystem
access.

-- System Information:
Debian Release: 8.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages mailman depends on:
ii  apache2 [httpd]              2.4.10-10+deb8u3
ii  apache2-mpm-prefork [httpd]  2.4.10-10+deb8u3
ii  apache2-mpm-worker [httpd]   2.4.10-10+deb8u3
ii  cron                         3.0pl1-127+deb8u1
ii  debconf [debconf-2.0]        1.5.56
ii  libc6                        2.19-18+deb8u1
ii  logrotate                    3.8.7-1+b1
ii  lsb-base                     4.1+Debian13+nmu1
ii  python-dnspython             1.12.0-1
pn  python:any                   <none>
ii  ucf                          3.0030

Versions of packages mailman recommends:
ii  postfix [mail-transport-agent]  2.11.3-1

Versions of packages mailman suggests:
ii  listadmin     2.40-4
ii  lynx          2.8.9dev1-2+deb8u1
ii  spamassassin  3.4.0-6

-- Configuration Files:
/etc/mailman/apache.conf changed [not included]

-- debconf information excluded