ID OPENVAS:1361412562310842936 Type openvas Reporter Copyright (C) 2016 Greenbone Networks GmbH Modified 2019-03-13T00:00:00
Description
The remote host is missing an update for the
###############################################################################
# OpenVAS Vulnerability Test
#
# Ubuntu Update for mailman USN-3118-1
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.842936");
script_version("$Revision: 14140 $");
script_tag(name:"last_modification", value:"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $");
script_tag(name:"creation_date", value:"2016-11-08 15:52:52 +0530 (Tue, 08 Nov 2016)");
script_cve_id("CVE-2016-7123", "CVE-2016-6893");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_tag(name:"qod_type", value:"package");
script_name("Ubuntu Update for mailman USN-3118-1");
script_tag(name:"summary", value:"The remote host is missing an update for the 'mailman'
package(s) announced via the referenced advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"It was discovered that the Mailman
administrative web interface did not protect against cross-site request forgery
(CSRF) attacks. If an authenticated user were tricked into visiting a malicious
website while logged into Mailman, a remote attacker could perform administrative
actions. This issue only affected Ubuntu 12.04 LTS. (CVE-2016-7123)
Nishant Agarwala discovered that the Mailman user options page did not
protect against cross-site request forgery (CSRF) attacks. If an
authenticated user were tricked into visiting a malicious website while
logged into Mailman, a remote attacker could modify user options.
(CVE-2016-6893)");
script_tag(name:"affected", value:"mailman on Ubuntu 16.04 LTS,
Ubuntu 16.10,
Ubuntu 14.04 LTS,
Ubuntu 12.04 LTS");
script_tag(name:"solution", value:"Please Install the Updated Packages.");
script_xref(name:"USN", value:"3118-1");
script_xref(name:"URL", value:"http://www.ubuntu.com/usn/usn-3118-1/");
script_tag(name:"solution_type", value:"VendorFix");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2016 Greenbone Networks GmbH");
script_family("Ubuntu Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU(14\.04 LTS|12\.04 LTS|16\.04 LTS|16\.10)");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
if(release == "UBUNTU14.04 LTS")
{
if ((res = isdpkgvuln(pkg:"mailman", ver:"1:2.1.16-2ubuntu0.2", rls:"UBUNTU14.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
if(release == "UBUNTU12.04 LTS")
{
if ((res = isdpkgvuln(pkg:"mailman", ver:"1:2.1.14-3ubuntu0.4", rls:"UBUNTU12.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
if(release == "UBUNTU16.04 LTS")
{
if ((res = isdpkgvuln(pkg:"mailman", ver:"1:2.1.20-1ubuntu0.1", rls:"UBUNTU16.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
if(release == "UBUNTU16.10")
{
if ((res = isdpkgvuln(pkg:"mailman", ver:"1:2.1.22-1ubuntu0.1", rls:"UBUNTU16.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
{"id": "OPENVAS:1361412562310842936", "type": "openvas", "bulletinFamily": "scanner", "title": "Ubuntu Update for mailman USN-3118-1", "description": "The remote host is missing an update for the ", "published": "2016-11-08T00:00:00", "modified": "2019-03-13T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842936", "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "references": ["http://www.ubuntu.com/usn/usn-3118-1/", "3118-1"], "cvelist": ["CVE-2016-7123", "CVE-2016-6893"], "lastseen": "2019-05-29T18:35:11", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2016-7123", "CVE-2016-6893"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-3668.NASL", "FREEBSD_PKG_B11AB01B6E1911E6AB24080027EF73EC.NASL", "FEDORA_2018-55B7018374.NASL", "SUSE_SU-2018-1638-1.NASL", "SUSE_SU-2019-14068-1.NASL", "FEDORA_2018-4A699532D3.NASL", "DEBIAN_DLA-608.NASL", "FREEBSD_PKG_9E50DCC3740B11E694A2080027EF73EC.NASL", "ALA_ALAS-2018-985.NASL", "UBUNTU_USN-3118-1.NASL"]}, {"type": "ubuntu", "idList": ["USN-3118-1"]}, {"type": "openvas", "idList": ["OPENVAS:703668", "OPENVAS:1361412562310703668", "OPENVAS:1361412562310874239"]}, {"type": "debian", "idList": ["DEBIAN:DLA-608-1:2C554", "DEBIAN:DSA-3668-1:1A145"]}, {"type": "fedora", "idList": ["FEDORA:96A1762D6B6E", "FEDORA:DAA3F60A408C"]}, {"type": "freebsd", "idList": ["9E50DCC3-740B-11E6-94A2-080027EF73EC", "B11AB01B-6E19-11E6-AB24-080027EF73EC"]}, {"type": "amazon", "idList": ["ALAS-2018-985"]}], "modified": "2019-05-29T18:35:11", "rev": 2}, "score": {"value": 5.9, "vector": "NONE", "modified": "2019-05-29T18:35:11", "rev": 2}, "vulnersScore": 5.9}, "pluginID": "1361412562310842936", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for mailman USN-3118-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842936\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-08 15:52:52 +0530 (Tue, 08 Nov 2016)\");\n script_cve_id(\"CVE-2016-7123\", \"CVE-2016-6893\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for mailman USN-3118-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mailman'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the Mailman\n administrative web interface did not protect against cross-site request forgery\n (CSRF) attacks. If an authenticated user were tricked into visiting a malicious\n website while logged into Mailman, a remote attacker could perform administrative\n actions. This issue only affected Ubuntu 12.04 LTS. (CVE-2016-7123)\n\nNishant Agarwala discovered that the Mailman user options page did not\nprotect against cross-site request forgery (CSRF) attacks. If an\nauthenticated user were tricked into visiting a malicious website while\nlogged into Mailman, a remote attacker could modify user options.\n(CVE-2016-6893)\");\n script_tag(name:\"affected\", value:\"mailman on Ubuntu 16.04 LTS,\n Ubuntu 16.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3118-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3118-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|16\\.04 LTS|16\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"mailman\", ver:\"1:2.1.16-2ubuntu0.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"mailman\", ver:\"1:2.1.14-3ubuntu0.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"mailman\", ver:\"1:2.1.20-1ubuntu0.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"mailman\", ver:\"1:2.1.22-1ubuntu0.1\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "Ubuntu Local Security Checks"}
{"cve": [{"lastseen": "2020-10-03T12:10:49", "description": "Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account.", "edition": 3, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-09-02T14:59:00", "title": "CVE-2016-6893", "type": "cve", "cwe": ["CWE-352"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6893"], "modified": "2017-08-13T01:29:00", "cpe": ["cpe:/a:gnu:mailman:2.1.1", "cpe:/a:gnu:mailman:2.1.9", "cpe:/a:gnu:mailman:2.1.3", "cpe:/a:gnu:mailman:2.1.23", "cpe:/a:gnu:mailman:2.1.20", "cpe:/a:gnu:mailman:2.1.2", "cpe:/a:gnu:mailman:2.1.22", "cpe:/a:gnu:mailman:2.1.18-1", "cpe:/a:gnu:mailman:2.1.14-1", "cpe:/a:gnu:mailman:2.1.6", "cpe:/a:gnu:mailman:2.1.10", "cpe:/a:gnu:mailman:2.1.10b3", "cpe:/a:gnu:mailman:2.1.4", "cpe:/a:gnu:mailman:2.1.11", "cpe:/a:gnu:mailman:2.1.12", "cpe:/a:gnu:mailman:2.1.14", "cpe:/a:gnu:mailman:2.1.13", "cpe:/a:gnu:mailman:2.1", "cpe:/a:gnu:mailman:2.1.18", "cpe:/a:gnu:mailman:2.1.21", "cpe:/a:gnu:mailman:2.1.15", "cpe:/a:gnu:mailman:2.1.19", "cpe:/a:gnu:mailman:2.1.10b4", "cpe:/a:gnu:mailman:2.1.16", "cpe:/a:gnu:mailman:2.1.5", "cpe:/a:gnu:mailman:2.1.8", "cpe:/a:gnu:mailman:2.1.17", "cpe:/a:gnu:mailman:2.1.10b1"], "id": "CVE-2016-6893", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6893", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:gnu:mailman:2.1.18-1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1.22:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1.10:rc1:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1.23:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1.11:rc2:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1.10b4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1.16:rc2:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1.13:rc1:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1.12:rc2:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1.10b1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1.21:rc2:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1.18:rc2:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1.19:rc2:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1.14:rc1:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1.14-1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1.11:rc1:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1.18:rc1:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1.20:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1.10b3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1.21:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1.18:rc3:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1.12:rc1:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1.16:rc1:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1.19:rc3:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1.15:rc1:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1.16:rc3:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1.19:rc1:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:07:42", "description": "Cross-site request forgery (CSRF) vulnerability in the admin web interface in GNU Mailman before 2.1.15 allows remote attackers to hijack the authentication of administrators.", "edition": 5, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-09-02T14:59:00", "title": "CVE-2016-7123", "type": "cve", "cwe": ["CWE-352"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7123"], "modified": "2017-07-29T01:34:00", "cpe": ["cpe:/a:gnu:mailman:2.1.14"], "id": "CVE-2016-7123", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7123", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:gnu:mailman:2.1.14:rc1:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-01-01T06:44:07", "description": "It was discovered that the Mailman administrative web interface did\nnot protect against cross-site request forgery (CSRF) attacks. If an\nauthenticated user were tricked into visiting a malicious website\nwhile logged into Mailman, a remote attacker could perform\nadministrative actions. This issue only affected Ubuntu 12.04 LTS.\n(CVE-2016-7123)\n\nNishant Agarwala discovered that the Mailman user options page did not\nprotect against cross-site request forgery (CSRF) attacks. If an\nauthenticated user were tricked into visiting a malicious website\nwhile logged into Mailman, a remote attacker could modify user\noptions. (CVE-2016-6893).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-11-02T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : mailman vulnerabilities (USN-3118-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-7123", "CVE-2016-6893"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04", "p-cpe:/a:canonical:ubuntu_linux:mailman", "cpe:/o:canonical:ubuntu_linux:16.10", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3118-1.NASL", "href": "https://www.tenable.com/plugins/nessus/94467", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3118-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94467);\n script_version(\"2.6\");\n script_cvs_date(\"Date: 2019/09/18 12:31:46\");\n\n script_cve_id(\"CVE-2016-6893\", \"CVE-2016-7123\");\n script_xref(name:\"USN\", value:\"3118-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : mailman vulnerabilities (USN-3118-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the Mailman administrative web interface did\nnot protect against cross-site request forgery (CSRF) attacks. If an\nauthenticated user were tricked into visiting a malicious website\nwhile logged into Mailman, a remote attacker could perform\nadministrative actions. This issue only affected Ubuntu 12.04 LTS.\n(CVE-2016-7123)\n\nNishant Agarwala discovered that the Mailman user options page did not\nprotect against cross-site request forgery (CSRF) attacks. If an\nauthenticated user were tricked into visiting a malicious website\nwhile logged into Mailman, a remote attacker could modify user\noptions. (CVE-2016-6893).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3118-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mailman package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mailman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|16\\.04|16\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 16.04 / 16.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"mailman\", pkgver:\"1:2.1.14-3ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"mailman\", pkgver:\"1:2.1.16-2ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"mailman\", pkgver:\"1:2.1.20-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"mailman\", pkgver:\"1:2.1.22-1ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mailman\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T10:57:16", "description": "Mark Sapiro reports :\n\nCSRF protection has been extended to the user options page. This was\nactually fixed by Tokio Kikuchi as part of the fix for LP : #775294\nand intended for Mailman 2.1.15, but that fix wasn't completely merged\nat the time. The full fix also addresses the admindb, and edithtml\npages as well as the user options page and the previously fixed admin\npages. Thanks to Nishant Agarwala for reporting the issue.", "edition": 26, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-08-30T00:00:00", "title": "FreeBSD : mailman -- CSRF protection enhancements (b11ab01b-6e19-11e6-ab24-080027ef73ec)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-6893"], "modified": "2016-08-30T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:mailman"], "id": "FREEBSD_PKG_B11AB01B6E1911E6AB24080027EF73EC.NASL", "href": "https://www.tenable.com/plugins/nessus/93211", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93211);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-6893\");\n\n script_name(english:\"FreeBSD : mailman -- CSRF protection enhancements (b11ab01b-6e19-11e6-ab24-080027ef73ec)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mark Sapiro reports :\n\nCSRF protection has been extended to the user options page. This was\nactually fixed by Tokio Kikuchi as part of the fix for LP : #775294\nand intended for Mailman 2.1.15, but that fix wasn't completely merged\nat the time. The full fix also addresses the admindb, and edithtml\npages as well as the user options page and the previously fixed admin\npages. Thanks to Nishant Agarwala for reporting the issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1668\"\n );\n # https://mail.python.org/pipermail/mailman-announce/2016-August/000226.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ac810682\"\n );\n # https://vuxml.freebsd.org/freebsd/b11ab01b-6e19-11e6-ab24-080027ef73ec.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?674111e0\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mailman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"mailman<2.1.23\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:17:58", "description": "New version 2.1.26 (#1370156, #1304360)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 11, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-01-03T00:00:00", "title": "Fedora 28 : 3:mailman (2018-4a699532d3)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-6893"], "modified": "2019-01-03T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:3:mailman", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-4A699532D3.NASL", "href": "https://www.tenable.com/plugins/nessus/120397", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-4a699532d3.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120397);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-6893\");\n script_xref(name:\"FEDORA\", value:\"2018-4a699532d3\");\n\n script_name(english:\"Fedora 28 : 3:mailman (2018-4a699532d3)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New version 2.1.26 (#1370156, #1304360)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-4a699532d3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 3:mailman package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:3:mailman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"mailman-2.1.26-1.fc28\", epoch:\"3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"3:mailman\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:43:57", "description": "It was discovered that there was a CSRF vulnerability in mailman, a\nweb-based mailing list manager, which could allow an attacker to\nobtain a user's password.\n\nFor Debian 7 'Wheezy', this issue has been fixed in mailman version\n1:2.1.15-1+deb7u2.\n\nWe recommend that you upgrade your mailman packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 17, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-09-06T00:00:00", "title": "Debian DLA-608-1 : mailman security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-6893"], "modified": "2016-09-06T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:mailman", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-608.NASL", "href": "https://www.tenable.com/plugins/nessus/93320", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-608-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93320);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-6893\");\n\n script_name(english:\"Debian DLA-608-1 : mailman security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that there was a CSRF vulnerability in mailman, a\nweb-based mailing list manager, which could allow an attacker to\nobtain a user's password.\n\nFor Debian 7 'Wheezy', this issue has been fixed in mailman version\n1:2.1.15-1+deb7u2.\n\nWe recommend that you upgrade your mailman packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/09/msg00001.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/mailman\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected mailman package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mailman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"mailman\", reference:\"1:2.1.15-1+deb7u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:49:48", "description": "It was discovered that there was a CSRF vulnerability in mailman, a\nweb-based mailing list manager, which could allow an attacker to\nobtain a user's password.", "edition": 25, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-09-16T00:00:00", "title": "Debian DSA-3668-1 : mailman - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-6893"], "modified": "2016-09-16T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:mailman"], "id": "DEBIAN_DSA-3668.NASL", "href": "https://www.tenable.com/plugins/nessus/93547", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3668. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93547);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-6893\");\n script_xref(name:\"DSA\", value:\"3668\");\n\n script_name(english:\"Debian DSA-3668-1 : mailman - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that there was a CSRF vulnerability in mailman, a\nweb-based mailing list manager, which could allow an attacker to\nobtain a user's password.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835970\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/mailman\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3668\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the mailman packages.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1:2.1.18-2+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mailman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"mailman\", reference:\"1:2.1.18-2+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T14:53:14", "description": "This update for mailman to version 2.1.15 fixes the following issues :\n\n - CVE-2016-6893: Prevent cross-site request forgery (CSRF)\n vulnerability in the user options page that allowed\n remote attackers to hijack the authentication of\n arbitrary users for requests that modify an option\n (bsc#995352).\n\n - Various other hardenings against CSFR attacks For\n details please see\n https://launchpad.net/mailman/+milestone/2.1.15\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 21, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-06-12T00:00:00", "title": "SUSE SLES11 Security Update : mailman (SUSE-SU-2018:1638-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-6893"], "modified": "2018-06-12T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:mailman", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2018-1638-1.NASL", "href": "https://www.tenable.com/plugins/nessus/110473", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1638-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110473);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-6893\");\n\n script_name(english:\"SUSE SLES11 Security Update : mailman (SUSE-SU-2018:1638-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for mailman to version 2.1.15 fixes the following issues :\n\n - CVE-2016-6893: Prevent cross-site request forgery (CSRF)\n vulnerability in the user options page that allowed\n remote attackers to hijack the authentication of\n arbitrary users for requests that modify an option\n (bsc#995352).\n\n - Various other hardenings against CSFR attacks For\n details please see\n https://launchpad.net/mailman/+milestone/2.1.15\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=995352\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://launchpad.net/mailman/+milestone/2.1.15\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6893/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181638-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7d882eb8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-mailman-13649=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-mailman-13649=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mailman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"mailman-2.1.15-9.6.3.1\")) flag++;\n\n\nif (flag)\n{\n set_kb_item(name:'www/0/XSRF', value:TRUE);\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mailman\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T14:59:34", "description": "This update for mailman fixes the following issues :\n\nSecurity issue fixed :\n\nCVE-2016-6893: Fixed a Cross-site request forgery vulnerability in the\nadmin web interface (bsc#997205).\n\nFollowing bug was fixed: Allow CSRF check to pass in mailman web\nfrontend if the list name contains a '+' (bsc#1102416)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 15, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-06-03T00:00:00", "title": "SUSE SLES11 Security Update : mailman (SUSE-SU-2019:14068-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-6893"], "modified": "2019-06-03T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:mailman", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2019-14068-1.NASL", "href": "https://www.tenable.com/plugins/nessus/125678", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:14068-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125678);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-6893\");\n\n script_name(english:\"SUSE SLES11 Security Update : mailman (SUSE-SU-2019:14068-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for mailman fixes the following issues :\n\nSecurity issue fixed :\n\nCVE-2016-6893: Fixed a Cross-site request forgery vulnerability in the\nadmin web interface (bsc#997205).\n\nFollowing bug was fixed: Allow CSRF check to pass in mailman web\nfrontend if the list name contains a '+' (bsc#1102416)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102416\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997205\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6893/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-201914068-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7d112219\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP4-LTSS:zypper in -t patch\nslessp4-mailman-14068=1\n\nSUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch\nsleposp3-mailman-14068=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-mailman-14068=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch\ndbgsp3-mailman-14068=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mailman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! ereg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"mailman-2.1.15-9.6.12.1\")) flag++;\n\n\nif (flag)\n{\n set_kb_item(name:'www/0/XSRF', value:TRUE);\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mailman\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T10:56:39", "description": "The late Tokio Kikuchi reported :\n\nWe may have to set lifetime for input forms because of recent\nactivities on cross-site request forgery (CSRF). The form lifetime is\nsuccessfully deployed in frameworks like web.py or plone etc. Proposed\nbranch lp:~tkikuchi/mailman/form-lifetime implement lifetime in admin,\nadmindb, options and edithtml interfaces. [...]\n\nThe web admin interface has been hardened against CSRF attacks by\nadding a hidden, encrypted token with a time stamp to form submissions\nand not accepting authentication by cookie if the token is missing,\ninvalid or older than the new mm_cfg.py setting FORM_LIFETIME which\ndefaults to one hour. Posthumous thanks go to Tokio Kikuchi for this\nimplementation [...].", "edition": 25, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-09-08T00:00:00", "title": "FreeBSD : mailman -- CSRF hardening in parts of the web interface (9e50dcc3-740b-11e6-94a2-080027ef73ec)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-7123"], "modified": "2016-09-08T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:mailman"], "id": "FREEBSD_PKG_9E50DCC3740B11E694A2080027EF73EC.NASL", "href": "https://www.tenable.com/plugins/nessus/93361", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93361);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-7123\");\n\n script_name(english:\"FreeBSD : mailman -- CSRF hardening in parts of the web interface (9e50dcc3-740b-11e6-94a2-080027ef73ec)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The late Tokio Kikuchi reported :\n\nWe may have to set lifetime for input forms because of recent\nactivities on cross-site request forgery (CSRF). The form lifetime is\nsuccessfully deployed in frameworks like web.py or plone etc. Proposed\nbranch lp:~tkikuchi/mailman/form-lifetime implement lifetime in admin,\nadmindb, options and edithtml interfaces. [...]\n\nThe web admin interface has been hardened against CSRF attacks by\nadding a hidden, encrypted token with a time stamp to form submissions\nand not accepting authentication by cookie if the token is missing,\ninvalid or older than the new mm_cfg.py setting FORM_LIFETIME which\ndefaults to one hour. Posthumous thanks go to Tokio Kikuchi for this\nimplementation [...].\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.launchpad.net/mailman/+bug/775294\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://launchpad.net/mailman/2.1/2.1.15\"\n );\n # https://vuxml.freebsd.org/freebsd/9e50dcc3-740b-11e6-94a2-080027ef73ec.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?49697cfc\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mailman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"mailman<2.1.15\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:18:19", "description": "Fix for CVE-2016-6893\n\n----\n\nSecurity fix for CVE-2018-5950\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 16, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-03-19T00:00:00", "title": "Fedora 27 : 3:mailman (2018-55b7018374)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5950", "CVE-2016-6893"], "modified": "2018-03-19T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:27", "p-cpe:/a:fedoraproject:fedora:3:mailman"], "id": "FEDORA_2018-55B7018374.NASL", "href": "https://www.tenable.com/plugins/nessus/108424", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-55b7018374.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108424);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-6893\", \"CVE-2018-5950\");\n script_xref(name:\"FEDORA\", value:\"2018-55b7018374\");\n\n script_name(english:\"Fedora 27 : 3:mailman (2018-55b7018374)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for CVE-2016-6893\n\n----\n\nSecurity fix for CVE-2018-5950\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-55b7018374\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 3:mailman package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:3:mailman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"mailman-2.1.21-8.fc27\", epoch:\"3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"3:mailman\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T01:20:09", "description": "Cross-site scripting (XSS) vulnerability in web UI\n\nA cross-site scripting (XSS) flaw was found in mailman. An attacker,\nable to trick the user into visiting a specific URL, can execute\narbitrary web scripts on the user's side and force the victim to\nperform unintended actions. (CVE-2018-5950)\n\nCSRF protection missing in the user options page\n\nCross-site request forgery (CSRF) vulnerability in the user options\npage in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to\nhijack the authentication of arbitrary users for requests that modify\nan option, as demonstrated by gaining access to the credentials of a\nvictim's account. (CVE-2016-6893)", "edition": 23, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-04-06T00:00:00", "title": "Amazon Linux AMI : mailman (ALAS-2018-985)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5950", "CVE-2016-6893"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:mailman", "p-cpe:/a:amazon:linux:mailman-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2018-985.NASL", "href": "https://www.tenable.com/plugins/nessus/108848", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2018-985.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108848);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/04/18 15:09:36\");\n\n script_cve_id(\"CVE-2016-6893\", \"CVE-2018-5950\");\n script_xref(name:\"ALAS\", value:\"2018-985\");\n\n script_name(english:\"Amazon Linux AMI : mailman (ALAS-2018-985)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Cross-site scripting (XSS) vulnerability in web UI\n\nA cross-site scripting (XSS) flaw was found in mailman. An attacker,\nable to trick the user into visiting a specific URL, can execute\narbitrary web scripts on the user's side and force the victim to\nperform unintended actions. (CVE-2018-5950)\n\nCSRF protection missing in the user options page\n\nCross-site request forgery (CSRF) vulnerability in the user options\npage in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to\nhijack the authentication of arbitrary users for requests that modify\nan option, as demonstrated by gaining access to the credentials of a\nvictim's account. (CVE-2016-6893)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2018-985.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update mailman' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mailman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mailman-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"mailman-2.1.15-26.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mailman-debuginfo-2.1.15-26.21.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mailman / mailman-debuginfo\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-02T11:41:27", "bulletinFamily": "unix", "cvelist": ["CVE-2016-7123", "CVE-2016-6893"], "description": "It was discovered that the Mailman administrative web interface did not \nprotect against cross-site request forgery (CSRF) attacks. If an \nauthenticated user were tricked into visiting a malicious website while \nlogged into Mailman, a remote attacker could perform administrative \nactions. This issue only affected Ubuntu 12.04 LTS. (CVE-2016-7123)\n\nNishant Agarwala discovered that the Mailman user options page did not \nprotect against cross-site request forgery (CSRF) attacks. If an \nauthenticated user were tricked into visiting a malicious website while \nlogged into Mailman, a remote attacker could modify user options. \n(CVE-2016-6893)", "edition": 5, "modified": "2016-11-01T00:00:00", "published": "2016-11-01T00:00:00", "id": "USN-3118-1", "href": "https://ubuntu.com/security/notices/USN-3118-1", "title": "Mailman vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:32", "bulletinFamily": "unix", "cvelist": ["CVE-2016-6893"], "description": "\nMark Sapiro reports:\n\nCSRF protection has been extended to the user options page. This\n\t was actually fixed by Tokio Kikuchi as part of the fix for LP:\n\t #775294 and intended for Mailman 2.1.15, but that fix wasn't\n\t completely merged at the time. The full fix also addresses the\n\t admindb, and edithtml pages as well as the user options page and the\n\t previously fixed admin pages. Thanks to Nishant Agarwala for reporting the issue.\n\n", "edition": 4, "modified": "2016-08-19T00:00:00", "published": "2016-08-19T00:00:00", "id": "B11AB01B-6E19-11E6-AB24-080027EF73EC", "href": "https://vuxml.freebsd.org/freebsd/b11ab01b-6e19-11e6-ab24-080027ef73ec.html", "title": "mailman -- CSRF protection enhancements", "type": "freebsd", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:32", "bulletinFamily": "unix", "cvelist": ["CVE-2016-7123"], "description": "\nThe late Tokio Kikuchi reported:\n\nWe may have to set lifetime for input forms because of recent\n\t activities on cross-site request forgery (CSRF). The form lifetime\n\t is successfully deployed in frameworks like web.py or plone etc.\n\t Proposed branch lp:~tkikuchi/mailman/form-lifetime implement\n\t lifetime in admin, admindb, options and edithtml interfaces.\n\t [...]\n\n\nThe web admin interface has been hardened against CSRF attacks by\n\t adding a hidden, encrypted token with a time stamp to form submissions\n\t and not accepting authentication by cookie if the token is missing,\n\t invalid or older than the new mm_cfg.py setting FORM_LIFETIME which\n\t defaults to one hour. Posthumous thanks go to Tokio Kikuchi for this implementation [...].\n\n", "edition": 4, "modified": "2011-05-02T00:00:00", "published": "2011-05-02T00:00:00", "id": "9E50DCC3-740B-11E6-94A2-080027EF73EC", "href": "https://vuxml.freebsd.org/freebsd/9e50dcc3-740b-11e6-94a2-080027ef73ec.html", "title": "mailman -- CSRF hardening in parts of the web interface", "type": "freebsd", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:21:45", "bulletinFamily": "unix", "cvelist": ["CVE-2016-6893"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3668-1 security@debian.org\nhttps://www.debian.org/security/ Thijs Kinkhorst\nSeptember 15, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mailman\nCVE ID : CVE-2016-6893\nDebian Bug : 835970\n\nIt was discovered that there was a CSRF vulnerability in mailman, a\nweb-based mailing list manager, which could allow an attacker to obtain\na user's password.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1:2.1.18-2+deb8u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1:2.1.23-1.\n\nWe recommend that you upgrade your mailman packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 2, "modified": "2016-09-15T12:13:52", "published": "2016-09-15T12:13:52", "id": "DEBIAN:DSA-3668-1:1A145", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00247.html", "title": "[SECURITY] [DSA 3668-1] mailman security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:21:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-6893"], "description": "Package : mailman\nVersion : 1:2.1.15-1+deb7u2\nCVE ID : CVE-2016-6893\nDebian Bug : 835970\n\nIt was discovered that there was a CSRF vulnerability in mailman, a\nweb-based mailing list manager, which could allow an attacker to obtain\na user's password.\n\nFor Debian 7 "Wheezy", this issue has been fixed in mailman version\n1:2.1.15-1+deb7u2.\n\nWe recommend that you upgrade your mailman packages.\n\n\nRegards,\n\n- -- \n ,''`.\n : :' : Chris Lamb\n `. `'` lamby@debian.org / chris-lamb.co.uk\n `-\n\n", "edition": 2, "modified": "2016-09-02T09:02:18", "published": "2016-09-02T09:02:18", "id": "DEBIAN:DLA-608-1:2C554", "href": "https://lists.debian.org/debian-lts-announce/2016/debian-lts-announce-201609/msg00001.html", "title": "[SECURITY] [DLA 608-1] mailman security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-6893"], "description": "Mailman is software to help manage email discussion lists, much like Majordomo and Smartmail. Unlike most similar products, Mailman gives each mailing list a webpage, and allows users to subscribe, unsubscribe, etc. over the Web. Even the list manager can administer his or her list entirely from the Web. Mailman also integrates most things people want to do with mailing lists, including archiving, mail <-> news gateways, and so on. Documentation can be found in: /usr/share/doc/mailman When the package has finished installing, you will need to perform some additional installation steps, these are described in: /usr/share/doc/mailman/INSTALL.REDHAT ", "modified": "2018-04-09T13:29:49", "published": "2018-04-09T13:29:49", "id": "FEDORA:DAA3F60A408C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: mailman-2.1.26-1.fc28", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-6893", "CVE-2018-5950"], "description": "Mailman is software to help manage email discussion lists, much like Majordomo and Smartmail. Unlike most similar products, Mailman gives each mailing list a webpage, and allows users to subscribe, unsubscribe, etc. over the Web. Even the list manager can administer his or her list entirely from the Web. Mailman also integrates most things people want to do with mailing lists, including archiving, mail <-> news gateways, and so on. Documentation can be found in: /usr/share/doc/mailman When the package has finished installing, you will need to perform some additional installation steps, these are described in: /usr/share/doc/mailman/INSTALL.REDHAT ", "modified": "2018-03-16T16:45:42", "published": "2018-03-16T16:45:42", "id": "FEDORA:96A1762D6B6E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: mailman-2.1.21-8.fc27", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2017-07-24T12:55:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-6893"], "description": "It was discovered that there was a CSRF\nvulnerability in mailman, a web-based mailing list manager, which could allow an\nattacker to obtain a user", "modified": "2017-07-07T00:00:00", "published": "2016-09-15T00:00:00", "id": "OPENVAS:703668", "href": "http://plugins.openvas.org/nasl.php?oid=703668", "type": "openvas", "title": "Debian Security Advisory DSA 3668-1 (mailman - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3668.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3668-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703668);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-6893\");\n script_name(\"Debian Security Advisory DSA 3668-1 (mailman - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-09-15 00:00:00 +0200 (Thu, 15 Sep 2016)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3668.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"mailman on Debian Linux\");\n script_tag(name: \"insight\", value: \"The GNU Mailing List Manager, which\nmanages email discussion lists much like Majordomo and Smartmail. Unlike most\nsimilar products, Mailman gives each mailing list a web page, and allows users\nto subscribe, unsubscribe, etc. over the web. Even the list manager can administer\nhis or her list entirely from the web.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthis problem has been fixed in version 1:2.1.18-2+deb8u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1:2.1.23-1.\n\nWe recommend that you upgrade your mailman packages.\");\n script_tag(name: \"summary\", value: \"It was discovered that there was a CSRF\nvulnerability in mailman, a web-based mailing list manager, which could allow an\nattacker to obtain a user's password.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"mailman\", ver:\"1:2.1.18-2+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:35:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-6893"], "description": "It was discovered that there was a CSRF\nvulnerability in mailman, a web-based mailing list manager, which could allow an\nattacker to obtain a user", "modified": "2019-03-18T00:00:00", "published": "2016-09-15T00:00:00", "id": "OPENVAS:1361412562310703668", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703668", "type": "openvas", "title": "Debian Security Advisory DSA 3668-1 (mailman - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3668.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3668-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703668\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2016-6893\");\n script_name(\"Debian Security Advisory DSA 3668-1 (mailman - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-09-15 00:00:00 +0200 (Thu, 15 Sep 2016)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3668.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"mailman on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthis problem has been fixed in version 1:2.1.18-2+deb8u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1:2.1.23-1.\n\nWe recommend that you upgrade your mailman packages.\");\n script_tag(name:\"summary\", value:\"It was discovered that there was a CSRF\nvulnerability in mailman, a web-based mailing list manager, which could allow an\nattacker to obtain a user's password.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"mailman\", ver:\"1:2.1.18-2+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5950", "CVE-2016-6893"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-03-17T00:00:00", "id": "OPENVAS:1361412562310874239", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874239", "type": "openvas", "title": "Fedora Update for mailman FEDORA-2018-55b7018374", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_55b7018374_mailman_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for mailman FEDORA-2018-55b7018374\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874239\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-03-17 08:51:04 +0100 (Sat, 17 Mar 2018)\");\n script_cve_id(\"CVE-2016-6893\", \"CVE-2018-5950\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mailman FEDORA-2018-55b7018374\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mailman'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mailman on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-55b7018374\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2AEL7JYG6A6XX44ML5ICTKMTP4D62ZG\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"mailman\", rpm:\"mailman~2.1.21~8.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:36:22", "bulletinFamily": "unix", "cvelist": ["CVE-2018-5950", "CVE-2016-6893"], "description": "**Issue Overview:**\n\nCross-site scripting (XSS) vulnerability in web UI \nA cross-site scripting (XSS) flaw was found in mailman. An attacker, able to trick the user into visiting a specific URL, can execute arbitrary web scripts on the user's side and force the victim to perform unintended actions. ([CVE-2018-5950 __](<https://access.redhat.com/security/cve/CVE-2018-5950>))\n\nCSRF protection missing in the user options page \nCross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account. ([CVE-2016-6893 __](<https://access.redhat.com/security/cve/CVE-2016-6893>)) \n\n\n \n**Affected Packages:** \n\n\nmailman\n\n \n**Issue Correction:** \nRun _yum update mailman_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n mailman-2.1.15-26.21.amzn1.i686 \n mailman-debuginfo-2.1.15-26.21.amzn1.i686 \n \n src: \n mailman-2.1.15-26.21.amzn1.src \n \n x86_64: \n mailman-2.1.15-26.21.amzn1.x86_64 \n mailman-debuginfo-2.1.15-26.21.amzn1.x86_64 \n \n \n", "edition": 5, "modified": "2018-04-05T16:46:00", "published": "2018-04-05T16:46:00", "id": "ALAS-2018-985", "href": "https://alas.aws.amazon.com/ALAS-2018-985.html", "title": "Medium: mailman", "type": "amazon", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}
