Mandrake Linux Security Advisory : mailman (MDKSA-2006:165)
Severity: Medium. Nessus Plugin ID: 23909
Synopsis: The remote Mandrake Linux host is missing a security update.
Description: A flaw was discovered in how Mailman handles MIME multipart messages. An attacker could send a carefully crafted MIME multipart message to a Mailman-run mailing list and cause that list to stop working (CVE-2006-2941).
Several cross-site scripting (XSS) issues were also discovered that could be exploited against a Mailman administrator (CVE-2006-3636).
Finally, a CRLF injection vulnerability allows remote attackers to spoof entries in the error log: carriage-return/line-feed sequences embedded in attacker-controlled input are written to the log verbatim, so a single field can appear as an additional, forged log record (CVE-2006-4624).
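To make the CRLF log-spoofing class concrete, the following added example (not Mailman's own code; the log format and the attacker-supplied address are constructed for illustration) shows a writer that interpolates an untrusted sender address into a log line verbatim, beside a hardened writer that escapes control and line-separator characters so one field can never split into two records.

```python
"""Log-line spoofing via CRLF injection, and one way to neutralize it.

Added illustration of the vulnerability class behind CVE-2006-4624. The log
format below is constructed for the example and is NOT Mailman's real format.
"""
import io
import re

# Constructed sample: an attacker-controlled sender address that carries a
# CR/LF pair followed by a forged "successful post" record.
ATTACKER_ADDRESS = (
    "evil@example.org\r\n"
    "Mar 01 12:00:00 2006 (1234) post to list-a from admin@example.org, success"
)

LOG_PREFIX = "Mar 01 12:00:00 2006 (1234) "


def write_log_unsafe(log, address):
    """Vulnerable: the untrusted address is written into the log line as-is,
    so embedded CR/LF characters start a new, attacker-chosen record."""
    log.write(LOG_PREFIX + "post from %s rejected\n" % address)


# Everything a log reader might treat as a record boundary: ASCII control
# characters (CR, LF, VT, FF, FS, GS, RS), DEL, NEL, and the Unicode line and
# paragraph separators. Python's str.splitlines() breaks on all of these, as
# may other log consumers.
_BOUNDARY = re.compile(r"[\x00-\x1f\x7f\x85\u2028\u2029]")


def _escape(match):
    ch = match.group(0)
    code = ord(ch)
    return "\\x%02x" % code if code < 0x100 else "\\u%04x" % code


def sanitize_for_log(value):
    """Replace record-boundary characters with a visible escape sequence
    (e.g. CR LF -> '\\x0d\\x0a') so the value stays on one line."""
    return _BOUNDARY.sub(_escape, value)


def write_log_safe(log, address):
    """Hardened: the address is sanitized before interpolation."""
    log.write(LOG_PREFIX + "post from %s rejected\n" % sanitize_for_log(address))


def log_records(writer, address):
    """Run a writer against an in-memory log and return the records a reader
    would see, using the same line-splitting rules a log parser would."""
    buf = io.StringIO()
    writer(buf, address)
    return buf.getvalue().splitlines()


if __name__ == "__main__":
    for name, writer in (("unsafe", write_log_unsafe), ("safe", write_log_safe)):
        records = log_records(writer, ATTACKER_ADDRESS)
        print("%s writer produced %d record(s):" % (name, len(records)))
        for rec in records:
            print("  " + rec)
```

The unsafe writer yields two records, the second of which is entirely attacker-authored and indistinguishable from a genuine entry; the hardened writer yields one record in which the injected CR/LF is visible as `\x0d\x0a`. Escaping rather than stripping is deliberate: the attempt stays visible to whoever reads the log.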
Updated packages have been patched to address these issues.
Solution: Update the affected mailman package.