CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
CVSS2 vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Several vulnerabilities have been fixed in the mailman package:
The cross-site scripting vulnerabilities could allow an attacker to
perform administrative operations without authorization, by stealing a
session cookie.

For the current stable distribution (woody) these problems have been
fixed in version 2.0.11-1woody7.

For the unstable distribution (sid), CAN-2003-0965 is fixed in version
2.1.4-1, and CAN-2003-0038 in version 2.1.1-1. CAN-2003-0991 will be
fixed soon.

We recommend that you update your mailman package.