Mandrake Linux Security Advisory : mailman (MDKSA-2006:165)

medium Nessus Plugin ID 23909

Synopsis

The remote Mandrake Linux host is missing a security update.

Description

A flaw was discovered in how Mailman handles MIME multipart messages: an attacker could send a carefully crafted MIME multipart message to a Mailman-run mailing list, causing that mailing list to stop working (CVE-2006-2941).

In addition, a number of cross-site scripting (XSS) issues were discovered that could be exploited against the Mailman administrator (CVE-2006-3636).

Finally, a CRLF injection vulnerability allows remote attackers to spoof messages in the error log (CVE-2006-4624).

Updated packages have been patched to address these issues.

Solution

Update the affected mailman package.

Plugin Details

Severity: Medium

ID: 23909

File Name: mandrake_MDKSA-2006-165.nasl

Version: 1.18

Type: local

Published: 12/16/2006

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:mailman, cpe:/o:mandriva:linux:2006

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/18/2006

Reference Information

CVE: CVE-2006-2941, CVE-2006-3636, CVE-2006-4624

BID: 19831

CWE: 94

MDKSA: 2006:165