Detections
Analytics

Debian DSA-955-1 : mailman - DoS

high Nessus Plugin ID 22821

Synopsis

The remote Debian host is missing a security-related update.

Description

Two denial of service bugs were found in the mailman list server. In one, attachment filenames containing UTF8 strings were not properly parsed, which could cause the server to crash. In another, a message containing a bad date string could cause a server crash.

The old stable distribution (woody) is not vulnerable to this issue.

Solution

Upgrade the mailman package immediately.

For the stable distribution (sarge) this problem has been fixed in version 2.1.5-8sarge1.

See Also

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=339095

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=326024

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=327732

http://www.debian.org/security/2006/dsa-955

Plugin Details

Severity: High

ID: 22821

File Name: debian_DSA-955.nasl

Version: 1.19

Type: local

Agent: unix

Published: 10/14/2006

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:mailman, cpe:/o:debian:debian_linux:3.1

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 1/25/2006

Vulnerability Publication Date: 9/11/2005

Reference Information

CVE: CVE-2005-3573, CVE-2005-4153

DSA: 955