Mandrake Linux Security Advisory : mailman (MDKSA-2005:222)
High Nessus Plugin ID 20453
Synopsis
The remote Mandrake Linux host is missing a security update.
Description
Scrubber.py in Mailman 2.1.4 - 2.1.6 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service. (CVE-2005-3573)
In addition, these versions of mailman have an issue where the server will fail with an Overflow on bad date data in a processed message.
The version of mailman in Corporate Server 2.1 does not contain the above vulnerable code.
Updated packages are patched to correct these issues.
Solution
Update the affected mailman package.