MiracleLinux 4 : mailman-2.1.12-25.AXS4 (AXSA:2015-303:01)

medium Nessus Plugin ID 289971

Synopsis

The remote MiracleLinux host is missing one or more security updates.

Description

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2015-303:01 advisory.

Mailman is software to help manage email discussion lists, much like Majordomo and Smartmail. Unlike most similar products, Mailman gives each mailing list a webpage, and allows users to subscribe, unsubscribe, etc. over the Web. Even the list manager can administer his or her list entirely from the Web. Mailman also integrates most things people want to do with mailing lists, including archiving, mail <-> news gateways, and so on.
Security issues fixed with this release:
CVE-2002-0389 CVE-2015-2775

Fixed bugs:
* Previously, it was impossible to configure Mailman in a way that Domain-based Message Authentication, Reporting & Conformance (DMARC) would recognize Sender alignment for Domain Key Identified Mail (DKIM) signatures. Consequently, Mailman list subscribers that belonged to a mail server with a reject policy for DMARC, such as yahoo.com or AOL.com, were unable to receive Mailman forwarded messages from senders residing in any domain that provided DKIM signatures. With this update, the bug was fixed.
* Mailman used a console encoding when generating a subject for a welcome email when new mailing lists were created by the newlist command. Consequently, when the console encoding did not match the encoding used by Mailman for that particular language, characters in the welcome email could be displayed incorrectly. With this update, the problem was fixed.
* The rmlist command used a hardcoded path to list data based on the VAR_PREFIX configuration variable. As a consequence, when the list was created outside of VAR_PREFIX, it was impossible to remove it using the rmlist command. With this update, this bug was fixed.
* Due to an incompatibility between Python and Mailman in Asianux Server 4, when moderators were approving a moderated message to a mailing list and checked the Preserve messages for the site administrator checkbox, Mailman failed to approve the message and returned an error. This incompatibility has been fixed with this update.
* When Mailman was set to not archive a list but the archive was not set to private, attachments sent to that list were placed in a public archive. Consequently, users of Mailman web interface could list private attachments because httpd configuration of public archive directory allows listing all files in the archive directory. The httpd configuration of Mailman has been fixed in this update.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected mailman package.

See Also

https://tsn.miraclelinux.com/en/node/5648

Plugin Details

Severity: Medium

ID: 289971

File Name: miracle_linux_AXSA-2015-303.nasl

Version: 1.1

Type: local

Published: 1/16/2026

Updated: 1/16/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: High

Base Score: 7.6

Temporal Score: 6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2015-2775

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2002-0389

Vulnerability Information

CPE: cpe:/o:miracle:linux:4, p-cpe:/a:miracle:linux:mailman

Required KB Items: Host/local_checks_enabled, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/10/2015

Vulnerability Publication Date: 4/16/2002

Reference Information

CVE: CVE-2002-0389, CVE-2015-2775