Mailman Crated Email Remote User Password Disclosure

Medium Nessus Plugin ID 12253


The remote host is running a mailing list application that is affected by a password disclosure vulnerability.


The target is running a version of the Mailman mailing list software that allows a list subscriber to retrieve the mailman password of any other subscriber by means of a specially crafted mail message to the server. That is, a message sent to [email protected]$target containing the lines :

password address=$victim password address=$subscriber

will return the password of both $victim and $subscriber for the list [email protected]$target.

***** Nessus has determined the vulnerability exists on the target
***** simply by looking at the version number of Mailman installed
***** there.


Upgrade to Mailman version 2.1.5 or newer as this reportedly fixes the issue.

See Also

Plugin Details

Severity: Medium

ID: 12253

File Name: mailman_password_retrieval.nasl

Version: $Revision: 1.20 $

Type: remote

Family: Misc.

Published: 2004/05/26

Modified: 2012/08/14

Dependencies: 12288, 16338, 10107

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:gnu:mailman

Exploit Available: false

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2004/05/15

Reference Information

CVE: CVE-2004-0412

BID: 10412

OSVDB: 6422

CLSA: CLSA-2004:842

FLSA: FEDORA-2004-1734

GLSA: GLSA-200406-04

MDKSA: MDKSA-2004:051