FreeBSD : mailman -- Multiple Vulnerabilities (fffa9257-3c17-11db-86ab-00123ffe8333)
High Nessus Plugin ID 22304
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
Secunia reports:
Mailman can be exploited by malicious people to conduct cross-site scripting and phishing attacks, and cause a DoS (Denial of Service).
1) An error in the logging functionality can be exploited to inject a spoofed log message into the error log via a specially crafted URL.
Successful exploitation may trick an administrator into visiting a malicious website.
2) An error in the processing of malformed headers which do not follow the RFC 2231 standard can be exploited to cause a DoS (Denial of Service).
3) Some unspecified input isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Solution
Update the affected packages.