Executive Summary
Summary | |
---|---|
Title | New mailman packages fix denial of service |
Informations | |||
---|---|---|---|
Name | DSA-1027 | First vendor Publication | 2006-04-06 |
Vendor | Debian | Last vendor Modification | 2006-04-06 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A potential denial of service problem has been discovered in mailman, the web-based GNU mailing list manager. The (failing) parsing of messages with malformed mime multiparts sometimes caused the whole mailing list to become inoperative. The old stable distribution (woody) is not vulnerable to this issue. For the stable distribution (sarge) this problem has been fixed in version 2.1.5-8sarge2. For the unstable distribution (sid) this problem will be fixed soon. We recommend that you upgrade your mailman package. |
Original Source
Url : http://www.debian.org/security/2006/dsa-1027 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:9475 | |||
Oval ID: | oval:org.mitre.oval:def:9475 | ||
Title: | The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between the first boundary and the end boundary. | ||
Description: | The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between the first boundary and the end boundary. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-0052 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for Mailman File : nvt/sles9p5019648.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1027-1 (mailman) File : nvt/deb_1027_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
24367 | Mailman Scrubber.py Crafted Multipart MIME Message DoS Mailman contains a flaw that may allow a remote denial of service. The issue is triggered when a multipart MIME message with a malformed part is received by the 'Scrubber.py' script, and will result in loss of availability for the list. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1027.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2006-0486.nasl - Type : ACT_GATHER_INFO |
2006-06-11 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2006-0486.nasl - Type : ACT_GATHER_INFO |
2006-04-04 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-267-1.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:25:38 |
|