| VID |
21299 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The Mailman software, according to its version number, has a user password retrieval vulnerability.
GNU Mailman is a freely available open-source mailing list manager for Unix-based operating systems. Mailman versions prior to 2.1.5 contains this vulnerability. By sending a specially crafted mail message to the server, a remote attacker could obtain the mailman password of arbitrary user.
* Note: This check solely relied on the version number of Mailman installed on the target Web server to assess this vulnerability, so this might be a false positive.
* References:
http://secunia.com/advisories/11701/
http://mail.python.org/pipermail/mailman-announce/2004-May/000072.html
* Platforms Affected:
GNU Mailman prior to 2.1.5
Linux Any version |
| Recommendation |
Upgrade to the latest version of Mailman (2.1.5 or later), available from the GNU Mailman Web site at http://www.gnu.org/software/mailman/download.html
For Conectiva Linux:
Upgrade to the latest package of mailman, as listed in Conectiva Linux Security Announcement CLSA-2004:842 at http://distro.conectiva.com/atualizacoes/index.php?id=a&anuncio=000842
For Mandrake Linux:
Upgrade to the latest package of mailman, as listed in MandrakeSoft Security Advisory MDKSA-2004:051 at http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:051 |
| Related URL |
CVE-2004-0412 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
16256 (ISS) |
|
