Executive Summary
| Summary | |
|---|---|
| Title | New ecartis and listar packages fix password change vulnerability |
| Informations | |||
|---|---|---|---|
| Name | DSA-271 | First vendor Publication | 2003-03-27 |
| Vendor | Debian | Last vendor Modification | 2003-03-27 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A problem has been discovered in ecartis, a mailing list manager, formerly known as listar. This vulnerability enables an attacker to reset the password of any user defined on the list server, including the list admins. For the stable distribution (woody) this problem has been fixed in version 0.129a+1.0.0-snap20020514-1.1 of ecartis. For the old stable distribution (potato) this problem has been fixed in version 0.129a-2.potato3 of listar. For the unstable distribution (sid) this problem has been fixed in version 1.0.0+cvs.20030321-1 of ecartis. We recommend that you upgrade your ecartis and listar packages. |
Original Source
| Url : http://www.debian.org/security/2003/dsa-271 |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-01-17 | Name : Debian Security Advisory DSA 271-1 (ecartis, listar) File : nvt/deb_271_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 9796 | Ecartis HTML Field Manipulation Arbitrary User Password Reset |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-271.nasl - Type : ACT_GATHER_INFO |
| 2003-03-30 | Name : A web application running on the remote host has an arbitrary password reset ... File : ecartis_hidden_username.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:31:59 |
|
