Mailman Mail Command Handler Malformed E-mail DoS

2003-11-18T00:00:00
ID OSVDB:11749
Type osvdb
Reporter Matthew Galgoci
Modified 2003-11-18T00:00:00

Description

Vulnerability Description

Mailman contains a flaw that may allow a remote denial of service. The issue is due to an error in the mail command handler. By sending a specially crafted email command, a remote attacker can cause a denial of service, resulting in loss of availability for the Mailman service.

Solution Description

Upgrade to version 2.0.14 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific Advisory URL
Other Advisory URL: http://distro.conectiva.com/atualizacoes/index.php?id=a&anuncio=000842
Other Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:013
Other Advisory URL: http://cert.uni-stuttgart.de/archive/win-sec-ssc/2004/02/msg00032.html
Other Advisory URL: http://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00031.html
Nessus Plugin ID: 12567
ISS X-Force ID: 15106
CVE-2003-0991
Bugtraq ID: 9620