Info

Disclosure

Jan 09, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Mailman contains a flaw that may allow a remote denial of service. The issue is triggered when a multipart MIME message with a malformed part is received by the 'Scrubber.py' script, and will result in loss of availability for the list.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Public
Disclosure: Vendor Verified

Solution

Upgrade to version the version recommended by the vendor, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Mandriva	Mailman	mailman-2.1.5-15mdk
		mailman-2.1.5-15.3.102mdk
		mailman-2.1.4-2.6.C30mdk

Debian	Mailman	mailman-2.1.5-8sarge2
		mailman-2.1.5-8

Ubuntu	Mailman	mailman_2.1.5-1ubuntu2.7
		mailman_2.1.5-7ubuntu0.2
		mailman_2.1.5-8ubuntu2.2
		mailman_2.1.5-1ubuntu2
		mailman_2.1.5-7
		mailman_2.1.5-8ubuntu2

Free Software Foundation	Mailman	2.1.5
		2.1.6

References

Security Tracker: 1015851
Bugtraq ID: 17311
Secunia Advisory ID: 19522 19545 19571 20624 20782
CVE ID: 2006-0052 (see also: NVD)
Other Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc http://www.novell.com/linux/security/advisories/2006_08_sr.html
http://www.us.debian.org/security/2006/dsa-1027
Vendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=358892
http://cvs.sourceforge.net/viewcvs.py/mailman/mailman/Mailman/Handlers/Scrubber.py?r1=2.18.2.10&r2=2.18.2.11
http://sourceforge.net/tracker/index.php?func=detail&aid=1099138&group_id=103&atid=100103
Vendor Specific Advisory URL: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:061
http://www.ubuntu.com/usn/usn-267-1
RedHat RHSA: RHSA-2006:0486

Credit

Sven Hartge - svensvenhartge.de -

Direct URL: http://osvdb.org/24367

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Mandriva

Mailman

Debian

Mailman

Ubuntu

Mailman

Free Software Foundation

Mailman

References

Credit