Mandrake Linux Security Advisory : mailman (MDKSA-2005:222)

Severity: High, Nessus Plugin ID 20453

Synopsis

The remote Mandrake Linux host is missing a security update.

Description

Scrubber.py in Mailman 2.1.4 - 2.1.6 does not properly handle UTF-8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service. (CVE-2005-3573)

In addition, these versions of Mailman have an issue where the server fails with an Overflow on bad date data in a processed message.

The version of mailman in Corporate Server 2.1 does not contain the above vulnerable code.

Updated packages are patched to correct these issues.

Solution

Update the affected mailman package.

Plugin Details

Severity: High

ID: 20453

File Name: mandrake_MDKSA-2005-222.nasl

Version: 1.18

Type: local

Published: 1/15/2006

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:mailman, cpe:/o:mandrakesoft:mandrake_linux:10.1, cpe:/o:mandriva:linux:2006, x-cpe:/o:mandrakesoft:mandrake_linux:le2005

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 12/2/2005

Reference Information

CVE: CVE-2005-3573, CVE-2005-4153

MDKSA: 2005:222