Mailman Crafted Email Remote User Password Disclosure

medium Nessus Plugin ID 12253

Synopsis

The remote host is running a mailing list application that is affected by a password disclosure vulnerability.

Description

The target is running a version of the Mailman mailing list software that allows a list subscriber to retrieve the Mailman password of any other subscriber by means of a specially crafted mail message to the server. That is, a message sent to $listname-request@$target containing the lines:

password address=$victim
password address=$subscriber

will return the password of both $victim and $subscriber for the list $listname@$target.

***** Nessus has determined the vulnerability exists on the target
***** simply by looking at the version number of Mailman installed
***** there.

Solution

Upgrade to Mailman version 2.1.5 or newer as this reportedly fixes the issue.

See Also

http://mail.python.org/pipermail/mailman-announce/2004-May/000072.html

Plugin Details

Severity: Medium

ID: 12253

File Name: mailman_password_retrieval.nasl

Version: 1.24

Type: remote

Family: Misc.

Published: 5/26/2004

Updated: 10/23/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: Medium

Score: 4.7

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:gnu:mailman

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 5/15/2004

Reference Information

CVE: CVE-2004-0412

BID: 10412

CLSA: CLSA-2004:842

FLSA: FEDORA-2004-1734

GLSA: GLSA-200406-04

MDKSA: MDKSA-2004:051