ID CVE-2002-0389 Type cve Reporter cve@mitre.org Modified 2016-12-28T02:59:00
Description
Pipermail in Mailman stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives.
{"osvdb": [{"lastseen": "2017-04-28T13:19:59", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nISS X-Force ID: 8874\n[CVE-2002-0389](https://vulners.com/cve/CVE-2002-0389)\nBugtraq ID: 4538\n", "modified": "2004-04-08T23:13:15", "published": "2004-04-08T23:13:15", "id": "OSVDB:5309", "href": "https://vulners.com/osvdb/OSVDB:5309", "title": "Mailman Pipermail Predictable File Name Private Mail Disclosure", "type": "osvdb", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "nessus": [{"lastseen": "2019-11-01T03:00:29", "bulletinFamily": "scanner", "description": "local users could read mailman", "modified": "2019-11-02T00:00:00", "id": "OPENSUSE-2012-298.NASL", "href": "https://www.tenable.com/plugins/nessus/74637", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : mailman (openSUSE-SU-2012:0660-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-298.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74637);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/10/25 10:38:32\");\n\n script_cve_id(\"CVE-2002-0389\");\n\n script_name(english:\"openSUSE Security Update : mailman (openSUSE-SU-2012:0660-1)\");\n script_summary(english:\"Check for the openSUSE-2012-298 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"local users could read mailman's mail archive\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=697638\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750259\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=754623\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-05/msg00043.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mailman packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mailman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mailman-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mailman-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2002/06/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mailman-2.1.14-10.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mailman-debuginfo-2.1.14-10.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"mailman-debugsource-2.1.14-10.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mailman / mailman-debuginfo / mailman-debugsource\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-11-01T02:15:28", "bulletinFamily": "scanner", "description": "Updated mailman packages that fix two security issues and several bugs\nare now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMailman is a program used to help manage e-mail discussion lists.\n\nIt was found that mailman did not sanitize the list name before\npassing it to certain MTAs. A local attacker could use this flaw to\nexecute arbitrary code as the user running mailman. (CVE-2015-2775)\n\nIt was found that mailman stored private email messages in a\nworld-readable directory. A local user could use this flaw to read\nprivate mailing list archives. (CVE-2002-0389)\n\nThis update also fixes the following bugs :\n\n* Previously, it was impossible to configure Mailman in a way that\nDomain-based Message Authentication, Reporting & Conformance (DMARC)\nwould recognize Sender alignment for Domain Key Identified Mail (DKIM)\nsignatures. Consequently, Mailman list subscribers that belonged to a\nmail server with a ", "modified": "2019-11-02T00:00:00", "id": "CENTOS_RHSA-2015-1417.NASL", "href": "https://www.tenable.com/plugins/nessus/85018", "published": "2015-07-28T00:00:00", "title": "CentOS 6 : mailman (CESA-2015:1417)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1417 and \n# CentOS Errata and Security Advisory 2015:1417 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85018);\n script_version(\"2.5\");\n script_cvs_date(\"Date: 2019/10/02 15:30:19\");\n\n script_cve_id(\"CVE-2002-0389\", \"CVE-2015-2775\");\n script_bugtraq_id(4538, 73922);\n script_xref(name:\"RHSA\", value:\"2015:1417\");\n\n script_name(english:\"CentOS 6 : mailman (CESA-2015:1417)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated mailman packages that fix two security issues and several bugs\nare now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMailman is a program used to help manage e-mail discussion lists.\n\nIt was found that mailman did not sanitize the list name before\npassing it to certain MTAs. A local attacker could use this flaw to\nexecute arbitrary code as the user running mailman. (CVE-2015-2775)\n\nIt was found that mailman stored private email messages in a\nworld-readable directory. A local user could use this flaw to read\nprivate mailing list archives. (CVE-2002-0389)\n\nThis update also fixes the following bugs :\n\n* Previously, it was impossible to configure Mailman in a way that\nDomain-based Message Authentication, Reporting & Conformance (DMARC)\nwould recognize Sender alignment for Domain Key Identified Mail (DKIM)\nsignatures. Consequently, Mailman list subscribers that belonged to a\nmail server with a 'reject' policy for DMARC, such as yahoo.com or\nAOL.com, were unable to receive Mailman forwarded messages from\nsenders residing in any domain that provided DKIM signatures. With\nthis update, domains with a 'reject' DMARC policy are recognized\ncorrectly, and Mailman list administrators are able to configure the\nway these messages are handled. As a result, after a proper\nconfiguration, subscribers now correctly receive Mailman forwarded\nmessages in this scenario. (BZ#1095359)\n\n* Mailman used a console encoding when generating a subject for a\n'welcome email' when new mailing lists were created by the 'newlist'\ncommand. Consequently, when the console encoding did not match the\nencoding used by Mailman for that particular language, characters in\nthe 'welcome email' could be displayed incorrectly. Mailman has been\nfixed to use the correct encoding, and characters in the 'welcome\nemail' are now displayed properly. (BZ#1056366)\n\n* The 'rmlist' command used a hard-coded path to list data based on\nthe VAR_PREFIX configuration variable. As a consequence, when the list\nwas created outside of VAR_PREFIX, it was impossible to remove it\nusing the 'rmlist' command. With this update, the 'rmlist' command\nuses the correct LIST_DATA_DIR value instead of VAR_PREFIX, and it is\nnow possible to remove the list in described situation. (BZ#1008139)\n\n* Due to an incompatibility between Python and Mailman in Red Hat\nEnterprise Linux 6, when moderators were approving a moderated message\nto a mailing list and checked the 'Preserve messages for the site\nadministrator' checkbox, Mailman failed to approve the message and\nreturned an error. This incompatibility has been fixed, and Mailman\nnow approves messages as expected in this scenario. (BZ#765807)\n\n* When Mailman was set to not archive a list but the archive was not\nset to private, attachments sent to that list were placed in a public\narchive. Consequently, users of Mailman web interface could list\nprivate attachments because httpd configuration of public archive\ndirectory allows listing all files in the archive directory. The httpd\nconfiguration of Mailman has been fixed to not allow listing of\nprivate archive directory, and users of Mailman web interface are no\nlonger able to list private attachments. (BZ#745409)\n\nUsers of mailman are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2015-July/002012.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?164fbadd\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mailman package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mailman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2002/06/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"mailman-2.1.12-25.el6\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mailman\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-03T12:13:06", "bulletinFamily": "scanner", "description": "It was found that mailman did not sanitize the list name before\npassing it to certain MTAs. A local attacker could use this flaw to\nexecute arbitrary code as the user running mailman. (CVE-2015-2775)\n\nIt was found that mailman stored private email messages in a world-\nreadable directory. A local user could use this flaw to read private\nmailing list archives. (CVE-2002-0389)\n\nThis update also fixes the following bugs :\n\n - Previously, it was impossible to configure Mailman in a\n way that Domain- based Message Authentication, Reporting\n & Conformance (DMARC) would recognize Sender\n alignment for Domain Key Identified Mail (DKIM)\n signatures. Consequently, Mailman list subscribers that\n belonged to a mail server with a ", "modified": "2019-11-02T00:00:00", "id": "SL_20150722_MAILMAN_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/85201", "published": "2015-08-04T00:00:00", "title": "Scientific Linux Security Update : mailman on SL6.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85201);\n script_version(\"2.3\");\n script_cvs_date(\"Date: 2019/07/11 12:05:37\");\n\n script_cve_id(\"CVE-2002-0389\", \"CVE-2015-2775\");\n\n script_name(english:\"Scientific Linux Security Update : mailman on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that mailman did not sanitize the list name before\npassing it to certain MTAs. A local attacker could use this flaw to\nexecute arbitrary code as the user running mailman. (CVE-2015-2775)\n\nIt was found that mailman stored private email messages in a world-\nreadable directory. A local user could use this flaw to read private\nmailing list archives. (CVE-2002-0389)\n\nThis update also fixes the following bugs :\n\n - Previously, it was impossible to configure Mailman in a\n way that Domain- based Message Authentication, Reporting\n & Conformance (DMARC) would recognize Sender\n alignment for Domain Key Identified Mail (DKIM)\n signatures. Consequently, Mailman list subscribers that\n belonged to a mail server with a 'reject' policy for\n DMARC, such as yahoo.com or AOL.com, were unable to\n receive Mailman forwarded messages from senders residing\n in any domain that provided DKIM signatures. With this\n update, domains with a 'reject' DMARC policy are\n recognized correctly, and Mailman list administrators\n are able to configure the way these messages are\n handled. As a result, after a proper configuration,\n subscribers now correctly receive Mailman forwarded\n messages in this scenario.\n\n - Mailman used a console encoding when generating a\n subject for a 'welcome email' when new mailing lists\n were created by the 'newlist' command. Consequently,\n when the console encoding did not match the encoding\n used by Mailman for that particular language, characters\n in the 'welcome email' could be displayed incorrectly.\n Mailman has been fixed to use the correct encoding, and\n characters in the 'welcome email' are now displayed\n properly.\n\n - The 'rmlist' command used a hard-coded path to list data\n based on the VAR_PREFIX configuration variable. As a\n consequence, when the list was created outside of\n VAR_PREFIX, it was impossible to remove it using the\n 'rmlist' command. With this update, the 'rmlist' command\n uses the correct LIST_DATA_DIR value instead of\n VAR_PREFIX, and it is now possible to remove the list in\n described situation.\n\n - Due to an incompatibility between Python and Mailman in\n Scientific Linux 6, when moderators were approving a\n moderated message to a mailing list and checked the\n 'Preserve messages for the site administrator' checkbox,\n Mailman failed to approve the message and returned an\n error. This incompatibility has been fixed, and Mailman\n now approves messages as expected in this scenario.\n\n - When Mailman was set to not archive a list but the\n archive was not set to private, attachments sent to that\n list were placed in a public archive. Consequently,\n users of Mailman web interface could list private\n attachments because httpd configuration of public\n archive directory allows listing all files in the\n archive directory. The httpd configuration of Mailman\n has been fixed to not allow listing of private archive\n directory, and users of Mailman web interface are no\n longer able to list private attachments.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1508&L=scientific-linux-errata&F=&S=&P=1781\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?76d7f76a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mailman and / or mailman-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2002/06/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"mailman-2.1.12-25.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"mailman-debuginfo-2.1.12-25.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:13:58", "bulletinFamily": "scanner", "description": "It was found that mailman did not sanitize the list name before\npassing it to certain MTAs. A local attacker could use this flaw to\nexecute arbitrary code as the user running mailman. (CVE-2015-2775)\n\nIt was found that mailman stored private email messages in a\nworld-readable directory. A local user could use this flaw to read\nprivate mailing list archives. (CVE-2002-0389)", "modified": "2019-11-02T00:00:00", "id": "ALA_ALAS-2015-582.NASL", "href": "https://www.tenable.com/plugins/nessus/85455", "published": "2015-08-18T00:00:00", "title": "Amazon Linux AMI : mailman (ALAS-2015-582)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-582.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85455);\n script_version(\"2.2\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2002-0389\", \"CVE-2015-2775\");\n script_xref(name:\"ALAS\", value:\"2015-582\");\n script_xref(name:\"RHSA\", value:\"2015:1417\");\n\n script_name(english:\"Amazon Linux AMI : mailman (ALAS-2015-582)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that mailman did not sanitize the list name before\npassing it to certain MTAs. A local attacker could use this flaw to\nexecute arbitrary code as the user running mailman. (CVE-2015-2775)\n\nIt was found that mailman stored private email messages in a\nworld-readable directory. A local user could use this flaw to read\nprivate mailing list archives. (CVE-2002-0389)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-582.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update mailman' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mailman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mailman-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"mailman-2.1.15-21.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mailman-debuginfo-2.1.15-21.20.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mailman / mailman-debuginfo\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T03:21:01", "bulletinFamily": "scanner", "description": "Updated mailman packages that fix two security issues and several bugs\nare now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMailman is a program used to help manage e-mail discussion lists.\n\nIt was found that mailman did not sanitize the list name before\npassing it to certain MTAs. A local attacker could use this flaw to\nexecute arbitrary code as the user running mailman. (CVE-2015-2775)\n\nIt was found that mailman stored private email messages in a\nworld-readable directory. A local user could use this flaw to read\nprivate mailing list archives. (CVE-2002-0389)\n\nThis update also fixes the following bugs :\n\n* Previously, it was impossible to configure Mailman in a way that\nDomain-based Message Authentication, Reporting & Conformance (DMARC)\nwould recognize Sender alignment for Domain Key Identified Mail (DKIM)\nsignatures. Consequently, Mailman list subscribers that belonged to a\nmail server with a ", "modified": "2019-11-02T00:00:00", "id": "REDHAT-RHSA-2015-1417.NASL", "href": "https://www.tenable.com/plugins/nessus/84944", "published": "2015-07-23T00:00:00", "title": "RHEL 6 : mailman (RHSA-2015:1417)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1417. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84944);\n script_version(\"2.9\");\n script_cvs_date(\"Date: 2019/10/24 15:35:40\");\n\n script_cve_id(\"CVE-2002-0389\", \"CVE-2015-2775\");\n script_bugtraq_id(4538, 73922);\n script_xref(name:\"RHSA\", value:\"2015:1417\");\n\n script_name(english:\"RHEL 6 : mailman (RHSA-2015:1417)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated mailman packages that fix two security issues and several bugs\nare now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMailman is a program used to help manage e-mail discussion lists.\n\nIt was found that mailman did not sanitize the list name before\npassing it to certain MTAs. A local attacker could use this flaw to\nexecute arbitrary code as the user running mailman. (CVE-2015-2775)\n\nIt was found that mailman stored private email messages in a\nworld-readable directory. A local user could use this flaw to read\nprivate mailing list archives. (CVE-2002-0389)\n\nThis update also fixes the following bugs :\n\n* Previously, it was impossible to configure Mailman in a way that\nDomain-based Message Authentication, Reporting & Conformance (DMARC)\nwould recognize Sender alignment for Domain Key Identified Mail (DKIM)\nsignatures. Consequently, Mailman list subscribers that belonged to a\nmail server with a 'reject' policy for DMARC, such as yahoo.com or\nAOL.com, were unable to receive Mailman forwarded messages from\nsenders residing in any domain that provided DKIM signatures. With\nthis update, domains with a 'reject' DMARC policy are recognized\ncorrectly, and Mailman list administrators are able to configure the\nway these messages are handled. As a result, after a proper\nconfiguration, subscribers now correctly receive Mailman forwarded\nmessages in this scenario. (BZ#1095359)\n\n* Mailman used a console encoding when generating a subject for a\n'welcome email' when new mailing lists were created by the 'newlist'\ncommand. Consequently, when the console encoding did not match the\nencoding used by Mailman for that particular language, characters in\nthe 'welcome email' could be displayed incorrectly. Mailman has been\nfixed to use the correct encoding, and characters in the 'welcome\nemail' are now displayed properly. (BZ#1056366)\n\n* The 'rmlist' command used a hard-coded path to list data based on\nthe VAR_PREFIX configuration variable. As a consequence, when the list\nwas created outside of VAR_PREFIX, it was impossible to remove it\nusing the 'rmlist' command. With this update, the 'rmlist' command\nuses the correct LIST_DATA_DIR value instead of VAR_PREFIX, and it is\nnow possible to remove the list in described situation. (BZ#1008139)\n\n* Due to an incompatibility between Python and Mailman in Red Hat\nEnterprise Linux 6, when moderators were approving a moderated message\nto a mailing list and checked the 'Preserve messages for the site\nadministrator' checkbox, Mailman failed to approve the message and\nreturned an error. This incompatibility has been fixed, and Mailman\nnow approves messages as expected in this scenario. (BZ#765807)\n\n* When Mailman was set to not archive a list but the archive was not\nset to private, attachments sent to that list were placed in a public\narchive. Consequently, users of Mailman web interface could list\nprivate attachments because httpd configuration of public archive\ndirectory allows listing all files in the archive directory. The httpd\nconfiguration of Mailman has been fixed to not allow listing of\nprivate archive directory, and users of Mailman web interface are no\nlonger able to list private attachments. (BZ#745409)\n\nUsers of mailman are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1417\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-2775\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2002-0389\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mailman and / or mailman-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mailman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mailman-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2002/06/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1417\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"mailman-2.1.12-25.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"mailman-2.1.12-25.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mailman-2.1.12-25.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"mailman-debuginfo-2.1.12-25.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"mailman-debuginfo-2.1.12-25.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mailman-debuginfo-2.1.12-25.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mailman / mailman-debuginfo\");\n }\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T03:14:34", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2015:1417 :\n\nUpdated mailman packages that fix two security issues and several bugs\nare now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMailman is a program used to help manage e-mail discussion lists.\n\nIt was found that mailman did not sanitize the list name before\npassing it to certain MTAs. A local attacker could use this flaw to\nexecute arbitrary code as the user running mailman. (CVE-2015-2775)\n\nIt was found that mailman stored private email messages in a\nworld-readable directory. A local user could use this flaw to read\nprivate mailing list archives. (CVE-2002-0389)\n\nThis update also fixes the following bugs :\n\n* Previously, it was impossible to configure Mailman in a way that\nDomain-based Message Authentication, Reporting & Conformance (DMARC)\nwould recognize Sender alignment for Domain Key Identified Mail (DKIM)\nsignatures. Consequently, Mailman list subscribers that belonged to a\nmail server with a ", "modified": "2019-11-02T00:00:00", "id": "ORACLELINUX_ELSA-2015-1417.NASL", "href": "https://www.tenable.com/plugins/nessus/85105", "published": "2015-07-30T00:00:00", "title": "Oracle Linux 6 : mailman (ELSA-2015-1417)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:1417 and \n# Oracle Linux Security Advisory ELSA-2015-1417 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85105);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2019/09/27 13:00:36\");\n\n script_cve_id(\"CVE-2002-0389\", \"CVE-2015-2775\");\n script_bugtraq_id(4538, 73922);\n script_xref(name:\"RHSA\", value:\"2015:1417\");\n\n script_name(english:\"Oracle Linux 6 : mailman (ELSA-2015-1417)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:1417 :\n\nUpdated mailman packages that fix two security issues and several bugs\nare now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nMailman is a program used to help manage e-mail discussion lists.\n\nIt was found that mailman did not sanitize the list name before\npassing it to certain MTAs. A local attacker could use this flaw to\nexecute arbitrary code as the user running mailman. (CVE-2015-2775)\n\nIt was found that mailman stored private email messages in a\nworld-readable directory. A local user could use this flaw to read\nprivate mailing list archives. (CVE-2002-0389)\n\nThis update also fixes the following bugs :\n\n* Previously, it was impossible to configure Mailman in a way that\nDomain-based Message Authentication, Reporting & Conformance (DMARC)\nwould recognize Sender alignment for Domain Key Identified Mail (DKIM)\nsignatures. Consequently, Mailman list subscribers that belonged to a\nmail server with a 'reject' policy for DMARC, such as yahoo.com or\nAOL.com, were unable to receive Mailman forwarded messages from\nsenders residing in any domain that provided DKIM signatures. With\nthis update, domains with a 'reject' DMARC policy are recognized\ncorrectly, and Mailman list administrators are able to configure the\nway these messages are handled. As a result, after a proper\nconfiguration, subscribers now correctly receive Mailman forwarded\nmessages in this scenario. (BZ#1095359)\n\n* Mailman used a console encoding when generating a subject for a\n'welcome email' when new mailing lists were created by the 'newlist'\ncommand. Consequently, when the console encoding did not match the\nencoding used by Mailman for that particular language, characters in\nthe 'welcome email' could be displayed incorrectly. Mailman has been\nfixed to use the correct encoding, and characters in the 'welcome\nemail' are now displayed properly. (BZ#1056366)\n\n* The 'rmlist' command used a hard-coded path to list data based on\nthe VAR_PREFIX configuration variable. As a consequence, when the list\nwas created outside of VAR_PREFIX, it was impossible to remove it\nusing the 'rmlist' command. With this update, the 'rmlist' command\nuses the correct LIST_DATA_DIR value instead of VAR_PREFIX, and it is\nnow possible to remove the list in described situation. (BZ#1008139)\n\n* Due to an incompatibility between Python and Mailman in Red Hat\nEnterprise Linux 6, when moderators were approving a moderated message\nto a mailing list and checked the 'Preserve messages for the site\nadministrator' checkbox, Mailman failed to approve the message and\nreturned an error. This incompatibility has been fixed, and Mailman\nnow approves messages as expected in this scenario. (BZ#765807)\n\n* When Mailman was set to not archive a list but the archive was not\nset to private, attachments sent to that list were placed in a public\narchive. Consequently, users of Mailman web interface could list\nprivate attachments because httpd configuration of public archive\ndirectory allows listing all files in the archive directory. The httpd\nconfiguration of Mailman has been fixed to not allow listing of\nprivate archive directory, and users of Mailman web interface are no\nlonger able to list private attachments. (BZ#745409)\n\nUsers of mailman are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-July/005232.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mailman package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mailman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2002/06/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"mailman-2.1.12-25.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mailman\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:36:05", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2015-07-23T00:00:00", "id": "OPENVAS:1361412562310871400", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871400", "title": "RedHat Update for mailman RHSA-2015:1417-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for mailman RHSA-2015:1417-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871400\");\n script_version(\"$Revision: 12497 $\");\n script_cve_id(\"CVE-2002-0389\", \"CVE-2015-2775\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-23 06:25:14 +0200 (Thu, 23 Jul 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for mailman RHSA-2015:1417-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mailman'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mailman is a program used to help manage e-mail discussion lists.\n\nIt was found that mailman did not sanitize the list name before passing it\nto certain MTAs. A local attacker could use this flaw to execute arbitrary\ncode as the user running mailman. (CVE-2015-2775)\n\nIt was found that mailman stored private email messages in a world-readable\ndirectory. A local user could use this flaw to read private mailing list\narchives. (CVE-2002-0389)\n\nThis update also fixes the following bugs:\n\n * Previously, it was impossible to configure Mailman in a way that\nDomain-based Message Authentication, Reporting & Conformance (DMARC) would\nrecognize Sender alignment for Domain Key Identified Mail (DKIM)\nsignatures. Consequently, Mailman list subscribers that belonged to a mail\nserver with a 'reject' policy for DMARC, such as yahoo.com or AOL.com, were\nunable to receive Mailman forwarded messages from senders residing in any\ndomain that provided DKIM signatures. With this update, domains with a\n'reject' DMARC policy are recognized correctly, and Mailman list\nadministrators are able to configure the way these messages are handled.\nAs a result, after a proper configuration, subscribers now correctly\nreceive Mailman forwarded messages in this scenario. (BZ#1095359)\n\n * Mailman used a console encoding when generating a subject for a 'welcome\nemail' when new mailing lists were created by the 'newlist' command.\nConsequently, when the console encoding did not match the encoding used by\nMailman for that particular language, characters in the 'welcome email'\ncould be displayed incorrectly. Mailman has been fixed to use the correct\nencoding, and characters in the 'welcome email' are now displayed properly.\n(BZ#1056366)\n\n * The 'rmlist' command used a hardcoded path to list data based on the\nVAR_PREFIX configuration variable. As a consequence, when the list was\ncreated outside of VAR_PREFIX, it was impossible to remove it using the\n'rmlist' command. With this update, the 'rmlist' command uses the correct\nLIST_DATA_DIR value instead of VAR_PREFIX, and it is now possible to remove\nthe list in described situation. (BZ#1008139)\n\n * Due to an incompatibility between Python and Mailman in Red Hat\nEnterprise Linux 6, when moderators were approving a moderated message to a\nmailing list and checked the 'Preserve messages for the site administrator'\ncheckbox, Mailman failed to approve the message and returned an error.\nThis incompatibility has been fixed, and Mailman now approves messages as\nexpected in this scenario. (BZ#765807)\n\n * When Mailman was set to no ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"mailman on Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:1417-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-July/msg00029.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"mailman\", rpm:\"mailman~2.1.12~25.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mailman-debuginfo\", rpm:\"mailman-debuginfo~2.1.12~25.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:08", "bulletinFamily": "scanner", "description": "Amazon Linux Local Security Checks", "modified": "2018-10-01T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120503", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120503", "title": "Amazon Linux Local Check: ALAS-2015-582", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2015-582.nasl 6575 2017-07-06 13:42:08Z cfischer$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120503\");\n script_version(\"$Revision: 11703 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:27:58 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 10:05:31 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: ALAS-2015-582\");\n script_tag(name:\"insight\", value:\"It was found that mailman did not sanitize the list name before passing it to certain MTAs. A local attacker could use this flaw to execute arbitrary code as the user running mailman. (CVE-2015-2775 )It was found that mailman stored private email messages in a world-readable directory. A local user could use this flaw to read private mailing list archives. (CVE-2002-0389 )\");\n script_tag(name:\"solution\", value:\"Run yum update mailman to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-582.html\");\n script_cve_id(\"CVE-2002-0389\", \"CVE-2015-2775\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"mailman\", rpm:\"mailman~2.1.15~21.20.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"mailman-debuginfo\", rpm:\"mailman-debuginfo~2.1.15~21.20.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:46", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2015-1417", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123059", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123059", "title": "Oracle Linux Local Check: ELSA-2015-1417", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-1417.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123059\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 13:58:50 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-1417\");\n script_tag(name:\"insight\", value:\"ELSA-2015-1417 - mailman security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-1417\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-1417.html\");\n script_cve_id(\"CVE-2015-2775\", \"CVE-2002-0389\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"mailman\", rpm:\"mailman~2.1.12~25.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2019-05-29T19:20:46", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nIt was found that mailman did not sanitize the list name before passing it to certain MTAs. A local attacker could use this flaw to execute arbitrary code as the user running mailman. ([CVE-2015-2775 __](<https://access.redhat.com/security/cve/CVE-2015-2775>))\n\nIt was found that mailman stored private email messages in a world-readable directory. A local user could use this flaw to read private mailing list archives. ([CVE-2002-0389 __](<https://access.redhat.com/security/cve/CVE-2002-0389>))\n\n \n**Affected Packages:** \n\n\nmailman\n\n \n**Issue Correction:** \nRun _yum update mailman_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n mailman-2.1.15-21.20.amzn1.i686 \n mailman-debuginfo-2.1.15-21.20.amzn1.i686 \n \n src: \n mailman-2.1.15-21.20.amzn1.src \n \n x86_64: \n mailman-debuginfo-2.1.15-21.20.amzn1.x86_64 \n mailman-2.1.15-21.20.amzn1.x86_64 \n \n \n", "modified": "2015-08-17T12:31:00", "published": "2015-08-17T12:31:00", "id": "ALAS-2015-582", "href": "https://alas.aws.amazon.com/ALAS-2015-582.html", "title": "Medium: mailman", "type": "amazon", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:51", "bulletinFamily": "unix", "description": "Mailman is a program used to help manage e-mail discussion lists.\n\nIt was found that mailman did not sanitize the list name before passing it\nto certain MTAs. A local attacker could use this flaw to execute arbitrary\ncode as the user running mailman. (CVE-2015-2775)\n\nIt was found that mailman stored private email messages in a world-readable\ndirectory. A local user could use this flaw to read private mailing list\narchives. (CVE-2002-0389)\n\nThis update also fixes the following bugs:\n\n* Previously, it was impossible to configure Mailman in a way that\nDomain-based Message Authentication, Reporting & Conformance (DMARC) would\nrecognize Sender alignment for Domain Key Identified Mail (DKIM)\nsignatures. Consequently, Mailman list subscribers that belonged to a mail\nserver with a \"reject\" policy for DMARC, such as yahoo.com or AOL.com, were\nunable to receive Mailman forwarded messages from senders residing in any\ndomain that provided DKIM signatures. With this update, domains with a\n\"reject\" DMARC policy are recognized correctly, and Mailman list\nadministrators are able to configure the way these messages are handled.\nAs a result, after a proper configuration, subscribers now correctly\nreceive Mailman forwarded messages in this scenario. (BZ#1095359)\n\n* Mailman used a console encoding when generating a subject for a \"welcome\nemail\" when new mailing lists were created by the \"newlist\" command.\nConsequently, when the console encoding did not match the encoding used by\nMailman for that particular language, characters in the \"welcome email\"\ncould be displayed incorrectly. Mailman has been fixed to use the correct\nencoding, and characters in the \"welcome email\" are now displayed properly.\n(BZ#1056366)\n\n* The \"rmlist\" command used a hardcoded path to list data based on the\nVAR_PREFIX configuration variable. As a consequence, when the list was\ncreated outside of VAR_PREFIX, it was impossible to remove it using the\n\"rmlist\" command. With this update, the \"rmlist\" command uses the correct\nLIST_DATA_DIR value instead of VAR_PREFIX, and it is now possible to remove\nthe list in described situation. (BZ#1008139)\n\n* Due to an incompatibility between Python and Mailman in Red Hat\nEnterprise Linux 6, when moderators were approving a moderated message to a\nmailing list and checked the \"Preserve messages for the site administrator\"\ncheckbox, Mailman failed to approve the message and returned an error.\nThis incompatibility has been fixed, and Mailman now approves messages as\nexpected in this scenario. (BZ#765807)\n\n* When Mailman was set to not archive a list but the archive was not set to\nprivate, attachments sent to that list were placed in a public archive.\nConsequently, users of Mailman web interface could list private attachments\nbecause httpd configuration of public archive directory allows listing all\nfiles in the archive directory. The httpd configuration of Mailman has been\nfixed to not allow listing of private archive directory, and users of\nMailman web interface are no longer able to list private attachments.\n(BZ#745409)\n\nUsers of mailman are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n", "modified": "2018-06-06T20:24:22", "published": "2015-07-22T04:00:00", "id": "RHSA-2015:1417", "href": "https://access.redhat.com/errata/RHSA-2015:1417", "type": "redhat", "title": "(RHSA-2015:1417) Moderate: mailman security and bug fix update", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-05-29T18:35:12", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2015:1417\n\n\nMailman is a program used to help manage e-mail discussion lists.\n\nIt was found that mailman did not sanitize the list name before passing it\nto certain MTAs. A local attacker could use this flaw to execute arbitrary\ncode as the user running mailman. (CVE-2015-2775)\n\nIt was found that mailman stored private email messages in a world-readable\ndirectory. A local user could use this flaw to read private mailing list\narchives. (CVE-2002-0389)\n\nThis update also fixes the following bugs:\n\n* Previously, it was impossible to configure Mailman in a way that\nDomain-based Message Authentication, Reporting & Conformance (DMARC) would\nrecognize Sender alignment for Domain Key Identified Mail (DKIM)\nsignatures. Consequently, Mailman list subscribers that belonged to a mail\nserver with a \"reject\" policy for DMARC, such as yahoo.com or AOL.com, were\nunable to receive Mailman forwarded messages from senders residing in any\ndomain that provided DKIM signatures. With this update, domains with a\n\"reject\" DMARC policy are recognized correctly, and Mailman list\nadministrators are able to configure the way these messages are handled.\nAs a result, after a proper configuration, subscribers now correctly\nreceive Mailman forwarded messages in this scenario. (BZ#1095359)\n\n* Mailman used a console encoding when generating a subject for a \"welcome\nemail\" when new mailing lists were created by the \"newlist\" command.\nConsequently, when the console encoding did not match the encoding used by\nMailman for that particular language, characters in the \"welcome email\"\ncould be displayed incorrectly. Mailman has been fixed to use the correct\nencoding, and characters in the \"welcome email\" are now displayed properly.\n(BZ#1056366)\n\n* The \"rmlist\" command used a hardcoded path to list data based on the\nVAR_PREFIX configuration variable. As a consequence, when the list was\ncreated outside of VAR_PREFIX, it was impossible to remove it using the\n\"rmlist\" command. With this update, the \"rmlist\" command uses the correct\nLIST_DATA_DIR value instead of VAR_PREFIX, and it is now possible to remove\nthe list in described situation. (BZ#1008139)\n\n* Due to an incompatibility between Python and Mailman in Red Hat\nEnterprise Linux 6, when moderators were approving a moderated message to a\nmailing list and checked the \"Preserve messages for the site administrator\"\ncheckbox, Mailman failed to approve the message and returned an error.\nThis incompatibility has been fixed, and Mailman now approves messages as\nexpected in this scenario. (BZ#765807)\n\n* When Mailman was set to not archive a list but the archive was not set to\nprivate, attachments sent to that list were placed in a public archive.\nConsequently, users of Mailman web interface could list private attachments\nbecause httpd configuration of public archive directory allows listing all\nfiles in the archive directory. The httpd configuration of Mailman has been\nfixed to not allow listing of private archive directory, and users of\nMailman web interface are no longer able to list private attachments.\n(BZ#745409)\n\nUsers of mailman are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2015-July/002012.html\n\n**Affected packages:**\nmailman\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1417.html", "modified": "2015-07-26T14:12:20", "published": "2015-07-26T14:12:20", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2015-July/002012.html", "id": "CESA-2015:1417", "title": "mailman security update", "type": "centos", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:50", "bulletinFamily": "unix", "description": "[3:2.1.12-25]\n- fix CVE-2002-0389 - local users able to read private mailing list archives\n[3:2.1.12-24]\n- fix CVE-2015-2775 - directory traversal in MTA transports\n[3:2.1.12-23]\n- fix #1095359 - handle update when some mailing lists have been created\n by newer Mailman than this one\n[3:2.1.12-22]\n- fix #1095359 - add support for DMARC\n[3:2.1.12-21]\n- fix #1056366 - fix bad subject of the welcome email when creating list using\n newlist command\n[3:2.1.12-20]\n- fix #745409 - do not set Indexes in httpd configuration for public archive\n- fix #1008139 - fix traceback when list_data_dir is not a child of var_prefix\n[3:2.1.12-19]\n- fix #765807 - fix traceback when message is received to moderated list", "modified": "2015-07-28T00:00:00", "published": "2015-07-28T00:00:00", "id": "ELSA-2015-1417", "href": "http://linux.oracle.com/errata/ELSA-2015-1417.html", "title": "mailman security and bug fix update", "type": "oraclelinux", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}]}
