| Field | Value |
|---|---|
| VID | 21464 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | The Web server is running a version of GNU Mailman that is 2.1.5 or older. Mailman is an open-source mailing list manager with strong Web functionality for Linux-based operating systems. GNU Mailman versions 2.1.5 and earlier can be exploited by malicious people to conduct cross-site scripting attacks and potentially brute force a user's password. 1) A cross-site scripting vulnerability: input is not properly sanitized by "scripts/driver" when returning error pages. This can be exploited to execute arbitrary HTML or script code in a user's browser session in the context of a vulnerable site by tricking a user into visiting a malicious web site or following a specially crafted link. 2) A weak auto-generated password vulnerability: a weakness in the automatic password generation algorithm causes only about five million different passwords to be generated, which makes it easier to brute force automatically generated passwords. |
| Note | This check relies solely on the version number of Mailman reported by the target Web server to assess this vulnerability, so it may be a false positive. |
| References | http://secunia.com/advisories/13603/ |
| Platforms Affected | GNU Project, GNU Mailman versions 2.1.5 and earlier; Linux, any version |
| Recommendation | For Ubuntu Linux: upgrade to the latest mailman package (2.1.5-1ubuntu2.1 or later), as listed in [USN-59-1] mailman vulnerabilities at http://lists.ubuntu.com/archives/ubuntu-security-announce/2005-January/000061.html. For other distributions: no upgrade or patch was available as of January 2005; upgrade to a fixed version of Mailman when one becomes available from the GNU Mailman Web site at http://www.gnu.org/software/mailman/download.html. As a workaround for the password weakness, choose a strong password for subscriptions instead of letting Mailman generate one. |
| Related URL | CVE-2004-1143, CVE-2004-1177 (CVE) |
| Related URL | 12243 (SecurityFocus) |
| Related URL | 18854, 18857 (ISS) |