Mandrake Linux Security Advisory : mailman (MDKSA-2005:222)

Severity: High. Nessus Plugin ID: 20453


The remote Mandrake Linux host is missing a security update.

Description

Mailman 2.1.4 - 2.1.6 does not properly handle UTF-8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service. (CVE-2005-3573)

In addition, these versions of mailman have an issue where the server will fail with an Overflow on bad date data in a processed message.

The version of mailman in Corporate Server 2.1 does not contain the above vulnerable code.

Updated packages are patched to correct these issues.


Update the affected mailman package.

Plugin Details

Severity: High

ID: 20453

File Name: mandrake_MDKSA-2005-222.nasl

Version: $Revision: 1.15 $

Type: local

Published: 2006/01/15

Modified: 2013/06/03

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:mailman, cpe:/o:mandrakesoft:mandrake_linux:10.1, cpe:/o:mandriva:linux:2006, x-cpe:/o:mandrakesoft:mandrake_linux:le2005

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2005/12/02

Reference Information

CVE: CVE-2005-3573, CVE-2005-4153

MDKSA: 2005:222