Executive Summary

Summary
Title New mailman packages fix bug introduced in DSA 436-1
Informations
Name DSA-436 First vendor Publication 2004-02-08
Vendor Debian Last vendor Modification 2004-02-21
Severity (Vendor) N/A Revision 2

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score 6.8 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Several vulnerabilities have been fixed in the mailman package:

- CAN-2003-0038 - potential cross-site scripting via certain CGI parameters (not known to be exploitable in this version)

- CAN-2003-0965 - cross-site scripting in the administrative interface

- CAN-2003-0991 - certain malformed email commands could cause the mailman process to crash

The cross-site scripting vulnerabilities could allow an attacker to perform administrative operations without authorization, by stealing a session cookie.

In the process of fixing these vulnerabilities for DSA 436-1, a bug was introduced which could cause mailman to crash on certain malformed messages.

For the current stable distribution (woody) this problem has been fixed in version 2.0.11-1woody8.

The update for the unstable distribution did not share the bug introduced in DSA 436-1.

We recommend that you update your mailman package.

Original Source

Url : http://www.debian.org/security/2004/dsa-436

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:813
 
Oval ID: oval:org.mitre.oval:def:813
Title: Mailman Cross-site Scripting Vulnerability
Description: Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities.
Family: unix Class: vulnerability
Reference(s): CVE-2003-0965
Version: 4
Platform(s): Red Hat Linux 9
Product(s): Mailman
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 31
Application 1

OpenVAS Exploits

Date Description
2008-09-04 Name : FreeBSD Ports: mailman
File : nvt/freebsd_mailman0.nasl
2008-09-04 Name : FreeBSD Ports: mailman
File : nvt/freebsd_mailman1.nasl
2008-09-04 Name : FreeBSD Ports: mailman
File : nvt/freebsd_mailman3.nasl
2008-01-17 Name : Debian Security Advisory DSA 436-1 (mailman)
File : nvt/deb_436_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 436-2 (mailman)
File : nvt/deb_436_2.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
11749 Mailman Mail Command Handler Malformed E-mail DoS

Mailman contains a flaw that may allow a remote denial of service. The issue is due to an error in the mail command handler. By sending a specially crafted email command, a remote attacker can cause a denial of service, resulting in loss of availability for the mailman service.
9206 Mailman Error Page XSS

Mailman contains a flaw that allows a remote cross site scripting attack. This flaw exists because the default error page does not adequately validate its input. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
9205 Mailman options.py email Parameter XSS

Mailman contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the email variable upon submission to the options.py script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
3305 Mailman Admin Pages XSS

Mailman contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user supplied input upon submission to the admin scripts. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Nessus® Vulnerability Scanner

Date Description
2009-04-23 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_00263aa367a811d880e30020ed76ef5a.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_3cb88bb267a611d880e30020ed76ef5a.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_b0e7687767a811d880e30020ed76ef5a.nasl - Type : ACT_GATHER_INFO
2004-09-29 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-436.nasl - Type : ACT_GATHER_INFO
2004-07-31 Name : The remote Mandrake Linux host is missing a security update.
File : mandrake_MDKSA-2004-013.nasl - Type : ACT_GATHER_INFO
2004-07-06 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2004-019.nasl - Type : ACT_GATHER_INFO
2004-07-06 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2004-156.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:33:04
  • Multiple Updates