ID OSVDB:2938 Type osvdb Reporter OSVDB Modified 2000-10-03T00:00:00
Description
Vulnerability Description
Minimalist Mail List Manager contains a flaw that allows any remote user to bypass authentication. This issue is triggered when an unauthorized user mails a private/closed list using a custom "From:" header that ends with a "|" (pipe).
Solution Description
Upgrade to version 2.1(2) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
Short Description
Minimalist Mail List Manager contains a flaw that allows any remote user to bypass authentication. This issue is triggered when an unauthorized user mails a private/closed list using a custom "From:" header that ends with a "|" (pipe).
{"edition": 1, "title": "Minimalist Pipe Authentication Bypass", "bulletinFamily": "software", "published": "2000-10-03T00:00:00", "lastseen": "2017-04-28T13:19:57", "history": [], "modified": "2000-10-03T00:00:00", "reporter": "OSVDB", "hash": "0f763fe366d5108805b2ded9d6e20a4803392271fa5dcc91320734653f7fb31b", "viewCount": 0, "href": "https://vulners.com/osvdb/OSVDB:2938", "description": "## Vulnerability Description\nMinimalist Mail List Manager contains a flaw that allows any remote user to bypass authentication. This issue is triggered when an unauthorized user mails a private/closed list using a custom \"From:\" header that ends with a \"|\" (pipe).\n## Solution Description\nUpgrade to version 2.1(2) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nMinimalist Mail List Manager contains a flaw that allows any remote user to bypass authentication. This issue is triggered when an unauthorized user mails a private/closed list using a custom \"From:\" header that ends with a \"|\" (pipe).\n## References:\n[Vendor Specific Advisory URL](http://www.mml.org.ua/CHANGES.txt)\nGeneric Informational URL: http://www.mml.org.ua/\n", "affectedSoftware": [{"name": "Mail List Manager", "version": "2.1", "operator": "eq"}, {"name": "Mail List Manager", "version": "2.0.x", "operator": "eq"}], "type": "osvdb", "hashmap": [{"key": "affectedSoftware", "hash": "da1415ba8be6bf8e59b75cb804563bdd"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "215ddc9fcc31cbedaf51cb96a3c9707e"}, {"key": "href", "hash": "8c984563e7fc41aa3d879d1a599c19a3"}, {"key": "modified", "hash": "f27fe5b7c789b08650f5fe83ab796a41"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "f27fe5b7c789b08650f5fe83ab796a41"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "955b328dc7cd615c13af5464c9183464"}, {"key": "title", "hash": "f9048781fad214e3c8980c313e4f3c0d"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "references": [], "objectVersion": "1.2", "enchantments": {"score": {"vector": "NONE", "value": 7.5}, "vulnersScore": 7.5}, "cvss": {"vector": "NONE", "score": 0.0}, "cvelist": [], "id": "OSVDB:2938"}
