This script is Copyright (C) 2006-2015 Tenable Network Security, Inc.
The remote Mandrake Linux host is missing a security update.
A flaw was discovered in how Mailman handles MIME multipart messages:
an attacker could send a carefully crafted MIME multipart message to a
Mailman-run mailing list, causing that mailing list to stop working
(CVE-2006-2941).
As well, a number of XSS (cross-site scripting) issues were discovered
that could be exploited to perform XSS attacks against the Mailman
Finally, a CRLF injection vulnerability allows remote attackers to
spoof messages in the error log (CVE-2006-4624).
Updated packages have been patched to address these issues.
Update the affected mailman package.
Risk factor: Medium
CVSS Base Score: 6.8
CVSS Temporal Score: 5.9
Public Exploit Available: true
Family: Mandriva Local Security Checks
Nessus Plugin ID: 23909 (mandrake_MDKSA-2006-165.nasl)
Bugtraq ID: 19831