FreeBSD : mailman -- CSRF protection enhancements (b11ab01b-6e19-11e6-ab24-080027ef73ec)

Medium Nessus Plugin ID 93211


The remote FreeBSD host is missing a security-related update.


Mark Sapiro reports:

CSRF protection has been extended to the user options page. This was actually fixed by Tokio Kikuchi as part of the fix for LP: #775294 and intended for Mailman 2.1.15, but that fix wasn't completely merged at the time. The full fix also addresses the admindb and edithtml pages as well as the user options page and the previously fixed admin pages. Thanks to Nishant Agarwala for reporting the issue.
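The point of the fix above is that a state-changing form is only accepted when it carries a token that the server minted for this user and this page, so a token taken from one interface (say, the admin pages) cannot be replayed against another (the user options page). The following is an added illustration of that kind of check, written for this page; it is not Mailman's code and does not reproduce Mailman's token format. The secret, lifetime, context names and handler names (`SITE_SECRET`, `TOKEN_LIFETIME`, `issue_token`, `verify_token`, `handle_options_post`) are assumptions for the example.

```python
"""Illustrative per-user, per-page CSRF token scheme (added example).

Not Mailman's implementation: HMAC-SHA256 over (context, user, issue time)
is one reasonable construction for a token that is bound to a user and to
a specific page and that expires.  All names and constants are assumed.
"""
import hashlib
import hmac
import time
from typing import Optional

SITE_SECRET = b"example-site-secret-replace-me"  # assumed; load from config in practice
TOKEN_LIFETIME = 3600  # seconds a token stays valid (assumed value)

# Each protected interface gets its own context string, so a token minted for
# one page (e.g. "admin") is rejected on another (e.g. "options").
CONTEXTS = ("admin", "admindb", "edithtml", "options")


def _mac(context: str, user: str, issued: int) -> str:
    # NUL separators keep "ab"+"c" and "a"+"bc" from colliding.
    msg = f"{context}\0{user}\0{issued}".encode()
    return hmac.new(SITE_SECRET, msg, hashlib.sha256).hexdigest()


def issue_token(context: str, user: str, now: Optional[int] = None) -> str:
    """Mint a token to embed as a hidden field in the form for `context`."""
    if context not in CONTEXTS:
        raise ValueError(f"unknown context {context!r}")
    issued = int(time.time()) if now is None else now
    return f"{issued}:{_mac(context, user, issued)}"


def verify_token(token: Optional[str], context: str, user: str,
                 now: Optional[int] = None) -> bool:
    """True only if `token` was minted for this context and user and is fresh."""
    if not token or ":" not in token:
        return False
    issued_s, mac = token.split(":", 1)
    if not issued_s.isdigit():
        return False
    issued = int(issued_s)
    current = int(time.time()) if now is None else now
    if issued > current or current - issued > TOKEN_LIFETIME:
        return False
    # Constant-time comparison so the MAC cannot be guessed byte by byte.
    return hmac.compare_digest(mac, _mac(context, user, issued))


def handle_options_post(form: dict, session_user: str,
                        now: Optional[int] = None) -> dict:
    """Minimal 'user options' POST handler.

    Returns the resulting state instead of rendering HTML so the rejection
    path can be exercised.  Without the verify_token call, any third-party
    page could submit this form on behalf of a logged-in user.
    """
    if not verify_token(form.get("csrf_token"), "options", session_user, now):
        return {"status": "rejected", "reason": "missing or invalid CSRF token"}
    return {"status": "ok", "digest": form.get("digest") == "on"}


if __name__ == "__main__":
    # Constructed demonstration input.
    user = "alice@example.org"
    good = issue_token("options", user)
    print(handle_options_post({"csrf_token": good, "digest": "on"}, user))
    print(handle_options_post({"digest": "on"}, user))                       # no token
    print(handle_options_post({"csrf_token": issue_token("admin", user)}, user))  # wrong page
```

The three properties worth checking in any such scheme are the ones the test below exercises: a missing token is rejected, a token minted for another page context is rejected, and a token is not transferable to another user or usable after expiry.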


Update the affected package.

Plugin Details

Severity: Medium

ID: 93211

File Name: freebsd_pkg_b11ab01b6e1911e6ab24080027ef73ec.nasl

Version: $Revision: 2.3 $

Type: local

Published: 2016/08/30

Modified: 2016/10/19

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0 Base Score: 6.8

CVSS v2.0 Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3.0 Base Score: 8.8

CVSS v3.0 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:mailman, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2016/08/29

Vulnerability Publication Date: 2016/08/19

Reference Information

CVE: CVE-2016-6893