| Field | Detail |
| --- | --- |
| VID | 21973 |
| Severity | 20 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | GNU Mailman, an open-source mailing list manager with strong web functionality for Linux-based operating systems, is vulnerable to log spoofing via its error log. In versions prior to 2.1.9 rc1, a flaw in the logging function allows a remote attacker to inject a spoofed entry into the error log by means of a specially crafted URL, typically by persuading a potential victim to visit that URL. |
| References | http://www.frsirt.com/english/advisories/2006/3446 ; http://www.gnu.org/software/mailman/ ; http://secunia.com/advisories/21732/ ; https://sourceforge.net/project/shownotes.php?release_id=444295&group_id=103 ; http://mail.python.org/pipermail/mailman-announce/2006-September/000086.html |
| Platforms Affected | GNU Project, GNU Mailman versions prior to 2.1.9 rc1; Linux, any version |
| Recommendation | Upgrade to the latest version of GNU Mailman (2.1.9 rc1 or later), available from the SourceForge.net download site at https://sourceforge.net/project/showfiles.php?group_id=103 |
| Related URL | CVE-2006-4624 (CVE) |
| Related URL | 19831,20021 (SecurityFocus) |
| Related URL | 28734 (ISS) |
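The mechanism behind a log spoofing entry of this kind is that a request-derived string containing a line break is written verbatim into a line-oriented log, so one request produces two log lines, the second of which is entirely attacker-chosen. The following is an added example, not Mailman's code and not a reproduction of the 2.1.9 fix; it uses a constructed request path and a hypothetical log format to show the weak write pattern beside a hardened one that escapes control characters before logging, and a simple line-based parser that shows the difference an auditor would see.

```python
"""Log spoofing via an unescaped request value, and a hardened log writer.

Added example: not GNU Mailman's code, and the log format and the
crafted path below are constructed for illustration.
"""
import re

# Constructed sample: a plausible-looking path followed by CR/LF and a
# fabricated entry that imitates the log's own timestamp format.
CRAFTED_PATH = (
    "/mailman/listinfo/nosuchlist"
    "\r\nSep 06 12:00:01 2006 admin(1234): login OK"
)

# Matches ASCII control characters, including CR (0x0d) and LF (0x0a).
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def naive_log_line(request_path: str) -> str:
    """The weak pattern: the request path goes into the log untouched."""
    return f"Sep 06 12:00:00 2006 error: no such list from {request_path}\n"


def sanitize_for_log(value: str) -> str:
    """Replace every control character with a visible \\xNN escape so a
    single logged value can neither terminate nor fabricate a log line."""
    return _CONTROL_CHARS.sub(lambda m: "\\x%02x" % ord(m.group()), value)


def safe_log_line(request_path: str) -> str:
    """Hardened writer: same format, but the untrusted value is escaped."""
    return (
        f"Sep 06 12:00:00 2006 error: no such list from "
        f"{sanitize_for_log(request_path)}\n"
    )


def parse_entries(log_text: str) -> list:
    """Split a log buffer into entries the way a line-oriented log reader
    would: one entry per line, blank lines dropped."""
    return [line for line in log_text.splitlines() if line]


if __name__ == "__main__":
    naive = parse_entries(naive_log_line(CRAFTED_PATH))
    safe = parse_entries(safe_log_line(CRAFTED_PATH))
    print("naive writer produced", len(naive), "entries:")
    for entry in naive:
        print("  ", entry)
    print("sanitized writer produced", len(safe), "entry:")
    for entry in safe:
        print("  ", entry)
```

With the naive writer the parser sees two entries, and the second one is indistinguishable from a genuine record; with the hardened writer the whole value stays on one line and the CR/LF sequence is visible as `\x0d\x0a`, which is also a useful thing to alert on when reviewing logs. Escaping at the point of writing is preferable to filtering URLs at the edge, because it protects every code path that logs user-controlled data.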