{"nessus": [{"lastseen": "2023-01-11T14:16:30", "description": "The target is running a version of the Mailman mailing list software that allows a list subscriber to retrieve the mailman password of any other subscriber by means of a specially crafted mail message to the server. That is, a message sent to $listname-request@$target containing the lines :\n\n password address=$victim password address=$subscriber\n\nwill return the password of both $victim and $subscriber for the list $listname@$target. \n\n***** Nessus has determined the vulnerability exists on the target\n***** simply by looking at the version number of Mailman installed\n***** there.", "cvss3": {}, "published": "2004-05-26T00:00:00", "type": "nessus", "title": "Mailman Crafted Email Remote User Password Disclosure", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0412"], "modified": "2020-06-12T00:00:00", "cpe": ["cpe:/a:gnu:mailman"], "id": "MAILMAN_PASSWORD_RETRIEVAL.NASL", "href": "https://www.tenable.com/plugins/nessus/12253", "sourceData": "#\n# This script was written by George A. 
Theall, <theall@tifaware.com>.\n#\n# See the Nessus Scripts License for details.\n#\n\n# Changes by Tenable:\n# - Revised plugin title, output formatting (9/2/09)\n# - Revised plugin title (8/13/12)\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(12253);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/12\");\n\n script_cve_id(\"CVE-2004-0412\");\n script_bugtraq_id(10412);\n script_xref(name:\"CLSA\", value:\"CLSA-2004:842\");\n script_xref(name:\"FLSA\", value:\"FEDORA-2004-1734\");\n script_xref(name:\"GLSA\", value:\"GLSA-200406-04\");\n script_xref(name:\"MDKSA\", value:\"MDKSA-2004:051\");\n \n script_name(english:\"Mailman Crated Email Remote User Password Disclosure\");\n script_summary(english:\"Checks for Mailman Password Retrieval Vulnerability\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is running a mailing list application that is \naffected by a password disclosure vulnerability.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The target is running a version of the Mailman mailing list software\nthat allows a list subscriber to retrieve the mailman password of any\nother subscriber by means of a specially crafted mail message to the\nserver. That is, a message sent to $listname-request@$target \ncontaining the lines :\n\n password address=$victim\n password address=$subscriber\n\nwill return the password of both $victim and $subscriber for the list\n$listname@$target. 
\n\n***** Nessus has determined the vulnerability exists on the target\n***** simply by looking at the version number of Mailman installed\n***** there.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://mail.python.org/pipermail/mailman-announce/2004-May/000072.html\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mailman version 2.1.5 or newer as this reportedly fixes \nthe issue.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/05/26\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2004/05/15\");\n script_set_attribute(attribute:\"plugin_type\", value: \"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:gnu:mailman\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2020 George A. 
Theall\");\n script_family(english:\"Misc.\");\n script_dependencie(\"global_settings.nasl\", \"http_version.nasl\", \"mailman_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = get_http_port(default:80, embedded:TRUE);\nif (!get_port_state(port)) exit(0);\ndebug_print(level: 2, \"checking for Mailman Password Retrieval vulnerability on port \", port, \".\");\n\n# Check each installed instance, stopping if we find a vulnerability.\ninstalls = get_kb_list(string(\"www/\", port, \"/Mailman\"));\nif (isnull(installs)) exit(0);\nforeach install (installs) {\n matches = eregmatch(string:install, pattern:\"^(.+) under (/.*)$\");\n if (!isnull(matches)) {\n ver = matches[1];\n dir = matches[2];\n debug_print(level:2, \"checking version \", ver, \" under \", dir, \".\");\n\n if (ereg(pattern:\"^2\\.1(b[2-6]|rc1|\\.[1-4]([^0-9]|$))\", string:ver)) {\n security_warning(port);\n exit(0);\n }\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:19:55", "description": "Mailman versions >= 2.1 have an issue where 3rd parties can retrieve member passwords from the server. 
The updated packages have a patch backported from 2.1.5 to correct the issue.", "cvss3": {}, "published": "2004-07-31T00:00:00", "type": "nessus", "title": "Mandrake Linux Security Advisory : mailman (MDKSA-2004:051)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0412"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:mailman", "cpe:/o:mandrakesoft:mandrake_linux:10.0", "cpe:/o:mandrakesoft:mandrake_linux:9.2"], "id": "MANDRAKE_MDKSA-2004-051.NASL", "href": "https://www.tenable.com/plugins/nessus/14150", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2004:051. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(14150);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2004-0412\");\n script_xref(name:\"MDKSA\", value:\"2004:051\");\n\n script_name(english:\"Mandrake Linux Security Advisory : mailman (MDKSA-2004:051)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandrake Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mailman versions >= 2.1 have an issue where 3rd parties can retrieve\nmember passwords from the server. The updated packages have a patch\nbackported from 2.1.5 to correct the issue.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mailman package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mailman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/05/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", 
\"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.0\", reference:\"mailman-2.1.4-2.1.100mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK9.2\", reference:\"mailman-2.1.2-9.4.92mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:43:53", "description": "Barry Warsaw reports :\n\nToday I am releasing Mailman 2.1.5, a bug fix release [...] This version also contains a fix for an exploit that could allow 3rd parties to retrieve member passwords. 
It is thus highly recommended that all existing sites upgrade to the latest version.", "cvss3": {}, "published": "2005-07-13T00:00:00", "type": "nessus", "title": "FreeBSD : mailman -- password disclosure (ad9d2518-3471-4737-b60b-9a1f51023b28)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0412"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:ja-mailman", "p-cpe:/a:freebsd:freebsd:mailman", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_AD9D251834714737B60B9A1F51023B28.NASL", "href": "https://www.tenable.com/plugins/nessus/19079", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19079);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2004-0412\");\n\n script_name(english:\"FreeBSD : mailman -- password disclosure (ad9d2518-3471-4737-b60b-9a1f51023b28)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Barry Warsaw reports :\n\nToday I am releasing Mailman 2.1.5, a bug fix release [...] This\nversion also contains a fix for an exploit that could allow 3rd\nparties to retrieve member passwords. 
It is thus highly recommended\nthat all existing sites upgrade to the latest version.\"\n );\n # http://mail.python.org/pipermail/mailman-announce/2004-May/000072.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e25c67e8\"\n );\n # https://vuxml.freebsd.org/freebsd/ad9d2518-3471-4737-b60b-9a1f51023b28.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?63e91808\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ja-mailman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mailman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/05/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"mailman<2.1.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ja-mailman<2.1.5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-03-27T14:16:27", "description": "Fixes security issue CVE-2004-0412 noted in bug https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123559 Mailman subscriber passwords could be retrieved by a remote attacker. Security hole is fixed in mailman-2.1.5 Important Installation Note: Some users have reported problems with bad queue counts after upgrading to version 2.1.5, the operating assumption is this was caused by performing an install while mailman was running. Prior to installing this rpm stop the mailman service via: % /sbin/service mailman stop Then after installation completes restart the service via: % /sbin/service mailman start Red Hat RPM versions of mailman 2.1.5-6 and above have enhanced the init.d script that controls the mailman service so that '/sbin/service mailman status' now returns valid information. 
The RPM has been augmented to detect if mailman is running prior to installation and if so it will temporarily stop mailman during the install and restart mailman after the install completes. If mailman was not running the RPM will not start mailman after installation. Since the RPM depends on service status working the installed version of mailman you are replacing must be at least 2.1.5-6 for the automatic pausing of mailman during installation to work. This also means since this is the first RPM with this feature you will need to manually pause mailman during installation, future upgrades should be automatic.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2004-07-23T00:00:00", "type": "nessus", "title": "Fedora Core 2 : mailman-2.1.5-7 (2004-168)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0412"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mailman", "p-cpe:/a:fedoraproject:fedora:mailman-debuginfo", "cpe:/o:fedoraproject:fedora_core:2"], "id": "FEDORA_2004-168.NASL", "href": "https://www.tenable.com/plugins/nessus/13722", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2004-168.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(13722);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2004-168\");\n\n script_name(english:\"Fedora Core 2 : mailman-2.1.5-7 (2004-168)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n 
attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes security issue CVE-2004-0412 noted in bug\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123559 Mailman\nsubscriber passwords could be retrieved by a remote attacker. Security\nhole is fixed in mailman-2.1.5 Important Installation Note: Some users\nhave reported problems with bad queue counts after upgrading to\nversion 2.1.5, the operating assumption is this was caused by\nperforming an install while mailman was running. Prior to installing\nthis rpm stop the mailman service via: % /sbin/service mailman stop\nThen after installation completes restart the service via: %\n/sbin/service mailman start Red Hat RPM versions of mailman 2.1.5-6\nand above have enhanced the init.d script that controls the mailman\nservice so that '/sbin/service mailman status' now returns valid\ninformation. The RPM has been augmented to detect if mailman is\nrunning prior to installation and if so it will temporarily stop\nmailman during the install and restart mailman after the install\ncompletes. If mailman was not running the RPM will not start mailman\nafter installation. Since the RPM depends on service status working\nthe installed version of mailman you are replacing must be at least\n2.1.5-6 for the automatic pausing of mailman during installation to\nwork. This also means since this is the first RPM with this feature\nyou will need to manually pause mailman during installation, future\nupgrades should be automatic.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123559\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2004-July/000204.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?43ecddeb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mailman and / or mailman-debuginfo packages.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mailman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mailman-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 
\"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^2([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 2.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC2\", reference:\"mailman-2.1.5-7\")) flag++;\nif (rpm_check(release:\"FC2\", reference:\"mailman-debuginfo-2.1.5-7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mailman / mailman-debuginfo\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-11T14:22:59", "description": "The remote host is affected by the vulnerability described in GLSA-200406-04 (Mailman: Member password disclosure vulnerability)\n\n Mailman contains an unspecified vulnerability in the handling of request emails.\n Impact :\n\n By sending a carefully crafted email request to the mailman server an attacker could obtain member passwords.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2004-08-30T00:00:00", "type": "nessus", "title": "GLSA-200406-04 : Mailman: Member password disclosure vulnerability", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, 
"impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0412"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:mailman", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200406-04.NASL", "href": "https://www.tenable.com/plugins/nessus/14515", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200406-04.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(14515);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2004-0412\");\n script_xref(name:\"GLSA\", value:\"200406-04\");\n\n script_name(english:\"GLSA-200406-04 : Mailman: Member password disclosure vulnerability\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200406-04\n(Mailman: Member password disclosure vulnerability)\n\n Mailman contains an unspecified vulnerability in the handling of request\n emails.\n \nImpact :\n\n By sending a carefully crafted email request to the mailman server an\n attacker could obtain member passwords.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n # http://mail.python.org/pipermail/mailman-announce/2004-May/000072.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e25c67e8\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200406-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All users of Mailman should upgrade to the latest stable version:\n # emerge sync\n # emerge -pv '>=net-mail/mailman-2.1.5'\n # emerge '>=net-mail/mailman-2.1.5'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mailman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/08/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-mail/mailman\", unaffected:make_list(\"ge 2.1.5\"), vulnerable:make_list(\"lt 2.1.5\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 
\"Mailman\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-03-27T14:11:51", "description": "Fixes security issue CVE-2004-0412 noted in bug https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123559 Mailman subscriber passwords could be retrieved by a remote attacker. Security hole is fixed in mailman-2.1.5 Important Installation Note: Some users have reported problems with bad queue counts after upgrading to version 2.1.5, the operating assumption is this was caused by performing an install while mailman was running. Prior to installing this rpm stop the mailman service via: % /sbin/service mailman stop Then after installation completes restart the service via: % /sbin/service mailman start Red Hat RPM versions of mailman 2.1.5-6 and above have enhanced the init.d script that controls the mailman service so that '/sbin/service mailman status' now returns valid information. The RPM has been augmented to detect if mailman is running prior to installation and if so it will temporarily stop mailman during the install and restart mailman after the install completes. If mailman was not running the RPM will not start mailman after installation. Since the RPM depends on service status working the installed version of mailman you are replacing must be at least 2.1.5-6 for the automatic pausing of mailman during installation to work. This also means since this is the first RPM with this feature you will need to manually pause mailman during installation, future upgrades should be automatic.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2004-07-23T00:00:00", "type": "nessus", "title": "Fedora Core 1 : mailman-2.1.5-6 (2004-167)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0412"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mailman", "p-cpe:/a:fedoraproject:fedora:mailman-debuginfo", "cpe:/o:fedoraproject:fedora_core:1"], "id": "FEDORA_2004-167.NASL", "href": "https://www.tenable.com/plugins/nessus/13721", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2004-167.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(13721);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2004-167\");\n\n script_name(english:\"Fedora Core 1 : mailman-2.1.5-6 (2004-167)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes security issue CVE-2004-0412 noted in bug\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123559 Mailman\nsubscriber passwords could be retrieved by a remote attacker. Security\nhole is fixed in mailman-2.1.5 Important Installation Note: Some users\nhave reported problems with bad queue counts after upgrading to\nversion 2.1.5, the operating assumption is this was caused by\nperforming an install while mailman was running. 
Prior to installing\nthis rpm stop the mailman service via: % /sbin/service mailman stop\nThen after installation completes restart the service via: %\n/sbin/service mailman start Red Hat RPM versions of mailman 2.1.5-6\nand above have enhanced the init.d script that controls the mailman\nservice so that '/sbin/service mailman status' now returns valid\ninformation. The RPM has been augmented to detect if mailman is\nrunning prior to installation and if so it will temporarily stop\nmailman during the install and restart mailman after the install\ncompletes. If mailman was not running the RPM will not start mailman\nafter installation. Since the RPM depends on service status working\nthe installed version of mailman you are replacing must be at least\n2.1.5-6 for the automatic pausing of mailman during installation to\nwork. This also means since this is the first RPM with this feature\nyou will need to manually pause mailman during installation, future\nupgrades should be automatic.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123559\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2004-July/000203.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d1aba588\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mailman and / or mailman-debuginfo packages.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mailman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mailman-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 
\"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 1.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC1\", reference:\"mailman-2.1.5-6\")) flag++;\nif (rpm_check(release:\"FC1\", reference:\"mailman-debuginfo-2.1.5-6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mailman / mailman-debuginfo\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "ubuntucve": [{"lastseen": "2022-08-04T14:50:12", "description": "Mailman before 2.1.5 allows remote attackers to obtain user passwords via a\ncrafted email request to the Mailman server.", "cvss3": {}, "published": "2004-08-18T00:00:00", "type": "ubuntucve", "title": "CVE-2004-0412", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0412"], "modified": "2004-08-18T00:00:00", "id": "UB:CVE-2004-0412", "href": "https://ubuntu.com/security/CVE-2004-0412", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "debiancve": [{"lastseen": "2022-07-04T06:00:47", "description": 
"Mailman before 2.1.5 allows remote attackers to obtain user passwords via a crafted email request to the Mailman server.", "cvss3": {}, "published": "2004-08-18T04:00:00", "type": "debiancve", "title": "CVE-2004-0412", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0412"], "modified": "2004-08-18T04:00:00", "id": "DEBIANCVE:CVE-2004-0412", "href": "https://security-tracker.debian.org/tracker/CVE-2004-0412", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "gentoo": [{"lastseen": "2022-01-17T19:21:16", "description": "### Background\n\nMailman is a python-based mailing list server with an extensive web interface. \n\n### Description\n\nMailman contains an unspecified vulnerability in the handling of request emails. \n\n### Impact\n\nBy sending a carefully crafted email request to the mailman server an attacker could obtain member passwords. \n\n### Workaround\n\nThere is no known workaround at this time. 
\n\n### Resolution\n\nAll users of Mailman should upgrade to the latest stable version: \n \n \n # emerge sync\n \n # emerge -pv \">=net-mail/mailman-2.1.5\"\n # emerge \">=net-mail/mailman-2.1.5\"", "cvss3": {}, "published": "2004-06-09T00:00:00", "type": "gentoo", "title": "Mailman: Member password disclosure vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0412"], "modified": "2004-06-09T00:00:00", "id": "GLSA-200406-04", "href": "https://security.gentoo.org/glsa/200406-04", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "openvas": [{"lastseen": "2019-05-29T18:32:01", "description": "The target is running a version of the Mailman mailing list software that\n allows a list subscriber to retrieve the mailman password of any other subscriber.", "cvss3": {}, "published": "2005-11-03T00:00:00", "type": "openvas", "title": "Mailman Password Retrieval", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0412"], "modified": "2018-10-02T00:00:00", "id": "OPENVAS:136141256231012253", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231012253", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mailman_password_retrieval.nasl 11723 2018-10-02 09:59:19Z ckuersteiner $\n#\n# Mailman Password Retrieval\n#\n# Authors:\n# George A. Theall, <theall@tifaware.com>.\n#\n# Copyright:\n# Copyright (C) 2004-2005 George A. 
Theall\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:gnu:mailman\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.12253\");\n script_version(\"$Revision: 11723 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-02 11:59:19 +0200 (Tue, 02 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2004-0412\");\n script_bugtraq_id(10412);\n script_xref(name:\"OSVDB\", value:\"6422\");\n script_xref(name:\"CLSA\", value:\"CLSA-2004:842\");\n script_xref(name:\"FLSA\", value:\"FEDORA-2004-1734\");\n script_xref(name:\"GLSA\", value:\"GLSA-200406-04\");\n script_xref(name:\"MDKSA\", value:\"MDKSA-2004:051\");\n\n script_name(\"Mailman Password Retrieval\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"This script is Copyright (C) 2004-2005 George A. 
Theall\");\n script_family(\"Web application abuses\");\n script_dependencies(\"mailman_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"gnu_mailman/detected\");\n\n script_tag(name:\"summary\", value:\"The target is running version of the Mailman mailing list software that\n allows a list subscriber to retrieve the mailman password of any other subscriber\");\n\n script_tag(name:\"insight\", value:\"An attacker could exploit this issue by sending a specially crafted mail\n message to the server. Such a message sent via $listname-request@$target containing the lines :\n\n password address=$victim\n\n password address=$subscriber\n\n will return the password of both $victim and $subscriber for the list\n $listname@$target.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mailman version 2.1.5 or newer.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! 
info = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) ) exit( 0 );\nvers = info['version'];\npath = info['location'];\n\nif( ereg( pattern:\"^2\\.1(b[2-6]|rc1|\\.[1-4]$)\", string:vers ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"2.1.5\", install_path:path );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2017-07-24T12:50:12", "description": "The remote host is missing updates announced in\nadvisory GLSA 200406-04.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200406-04 (mailman)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0412"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:54589", "href": "http://plugins.openvas.org/nasl.php?oid=54589", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mailman contains a bug allowing 3rd parties to retrieve member passwords.\";\ntag_solution = \"All users of Mailman should upgrade to the latest stable version:\n\n # emerge sync\n\n # emerge -pv '>=net-mail/mailman-2.1.5'\n # emerge '>=net-mail/mailman-2.1.5'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200406-04\nhttp://bugs.gentoo.org/show_bug.cgi?id=51671\nhttp://mail.python.org/pipermail/mailman-announce/2004-May/000072.html\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200406-04.\";\n\n \n\nif(description)\n{\n script_id(54589);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_bugtraq_id(10412);\n script_cve_id(\"CVE-2004-0412\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"Gentoo Security Advisory GLSA 200406-04 (mailman)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-mail/mailman\", unaffected: make_list(\"ge 2.1.5\"), vulnerable: make_list(\"lt 2.1.5\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-02T21:10:07", "description": "The target is running a version of the Mailman mailing list software that\nallows a list subscriber to retrieve the mailman password of any other\nsubscriber by means of a specially crafted mail message to the server. \nThat is, a message sent to $listname-request@$target containing the\nlines :\n\n password address=$victim\n password address=$subscriber\n\nwill return the password of both $victim and $subscriber for the list\n$listname@$target. 
\n\n***** OpenVAS has determined the vulnerability exists on the target\n***** simply by looking at the version number of Mailman installed\n***** there.", "cvss3": {}, "published": "2005-11-03T00:00:00", "type": "openvas", "title": "Mailman Password Retrieval", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0412"], "modified": "2017-04-28T00:00:00", "id": "OPENVAS:12253", "href": "http://plugins.openvas.org/nasl.php?oid=12253", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mailman_password_retrieval.nasl 6046 2017-04-28 09:02:54Z teissa $\n# Description: Mailman Password Retrieval\n#\n# Authors:\n# George A. Theall, <theall@tifaware.com>.\n#\n# Copyright:\n# Copyright (C) 2004-2005 George A. Theall\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_summary = \"The target is running version of the Mailman mailing list software that\nallows a list subscriber to retrieve the mailman password of any other\nsubscriber by means of a specially crafted mail message to the server. \nThat is, a message sent to $listname-request@$target containing the\nlines :\n\n password address=$victim\n password address=$subscriber\n\nwill return the password of both $victim and $subscriber for the list\n$listname@$target. 
\n\n***** OpenVAS has determined the vulnerability exists on the target\n***** simply by looking at the version number of Mailman installed\n***** there.\";\n\ntag_solution = \"Upgrade to Mailman version 2.1.5 or newer.\";\n \nif (description) {\n script_id(12253);\n script_version(\"$Revision: 6046 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-28 11:02:54 +0200 (Fri, 28 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_cve_id(\"CVE-2004-0412\");\n script_bugtraq_id(10412);\n script_xref(name:\"OSVDB\", value:\"6422\");\n script_xref(name:\"CLSA\", value:\"CLSA-2004:842\");\n script_xref(name:\"FLSA\", value:\"FEDORA-2004-1734\");\n script_xref(name:\"GLSA\", value:\"GLSA-200406-04\");\n script_xref(name:\"MDKSA\", value:\"MDKSA-2004:051\");\n \n name = \"Mailman Password Retrieval\";\n script_name(name);\n \n summary = \"Checks for Mailman Password Retrieval Vulnerability\";\n\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_copyright(\"This script is Copyright (C) 2004-2005 George A. 
Theall\");\n\n family = \"General\";\n script_family(family);\n\n script_dependencies(\"global_settings.nasl\", \"http_version.nasl\", \"mailman_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = get_http_port(default:80);\nif (!get_port_state(port)) exit(0);\ndebug_print(\"checking for Mailman Password Retrieval vulnerability on port \", port, \".\");\n\n# Check each installed instance, stopping if we find a vulnerability.\ninstalls = get_kb_list(string(\"www/\", port, \"/Mailman\"));\nif (isnull(installs)) exit(0);\nforeach install (installs) {\n matches = eregmatch(string:install, pattern:\"^(.+) under (/.*)$\");\n if (!isnull(matches)) {\n ver = matches[1];\n dir = matches[2];\n debug_print(\"checking version \", ver, \" under \", dir, \".\");\n\n if (ereg(pattern:\"^2\\.1(b[2-6]|rc1|\\.[1-4]$)\", string:ver)) {\n security_message(port);\n exit(0);\n }\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-02T21:10:20", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2008-09-04T00:00:00", "type": "openvas", "title": "FreeBSD Ports: mailman, ja-mailman", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0412"], "modified": "2016-09-22T00:00:00", "id": "OPENVAS:52999", "href": "http://plugins.openvas.org/nasl.php?oid=52999", "sourceData": "#\n#VID ad9d2518-3471-4737-b60b-9a1f51023b28\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n mailman\n ja-mailman\n\nCVE-2004-0412\nMailman before 2.1.5 allows remote attackers to obtain user passwords\nvia a crafted email request to the Mailman server.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://mail.python.org/pipermail/mailman-announce/2004-May/000072.html\nhttp://www.vuxml.org/freebsd/ad9d2518-3471-4737-b60b-9a1f51023b28.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(52999);\n script_version(\"$Revision: 4128 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-22 07:37:51 +0200 (Thu, 22 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_bugtraq_id(10412);\n script_cve_id(\"CVE-2004-0412\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"FreeBSD Ports: mailman, ja-mailman\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n 
script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"mailman\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.1.5\")<0) {\n txt += 'Package mailman version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ja-mailman\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.1.5\")<0) {\n txt += 'Package ja-mailman version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "cve": [{"lastseen": "2023-02-09T13:58:44", "description": "Mailman before 2.1.5 allows remote attackers to obtain user passwords via a crafted email request to the Mailman server.", "cvss3": {}, "published": "2004-08-18T04:00:00", "type": "cve", "title": "CVE-2004-0412", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", 
"authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0412"], "modified": "2017-07-11T01:30:00", "cpe": ["cpe:/a:gnu:mailman:2.1b1", "cpe:/a:gnu:mailman:2.1", "cpe:/a:gnu:mailman:2.1.2", "cpe:/a:gnu:mailman:2.1.3", "cpe:/a:gnu:mailman:2.1.4", "cpe:/a:gnu:mailman:2.1.1"], "id": "CVE-2004-0412", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0412", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:gnu:mailman:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1b1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:mailman:2.1.3:*:*:*:*:*:*:*"]}], "securityvulns": [{"lastseen": "2018-08-31T11:10:10", "description": "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nGentoo Linux Security Advisory GLSA 200406-04\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n http://security.gentoo.org/\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\n Severity: Normal\r\n Title: Mailman: Member password disclosure vulnerability\r\n Date: June 09, 2004\r\n Bugs: #51671\r\n ID: 200406-04\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\nSynopsis\r\n========\r\n\r\nMailman contains a bug allowing 3rd parties to retrieve member\r\npasswords.\r\n\r\nBackground\r\n==========\r\n\r\nMailman is a python-based mailing list server with an extensive web\r\ninterface.\r\n\r\nAffected packages\r\n=================\r\n\r\n -------------------------------------------------------------------\r\n Package / Vulnerable / Unaffected\r\n -------------------------------------------------------------------\r\n 1 net-mail/mailman < 2.1.5 >= 2.1.5\r\n\r\nDescription\r\n===========\r\n\r\nMailman contains an unspecified vulnerability in the handling of\r\nrequest 
emails.\r\n\r\nImpact\r\n======\r\n\r\nBy sending a carefully crafted email request to the mailman server an\r\nattacker could obtain member passwords.\r\n\r\nWorkaround\r\n==========\r\n\r\nThere is no known workaround at this time.\r\n\r\nResolution\r\n==========\r\n\r\nAll users of Mailman should upgrade to the latest stable version:\r\n\r\n # emerge sync\r\n\r\n # emerge -pv ">=net-mail/mailman-2.1.5"\r\n # emerge ">=net-mail/mailman-2.1.5"\r\n\r\nReferences\r\n==========\r\n\r\n [ 1 ] Mailman 2.1.5 Release Announcement\r\n http://mail.python.org/pipermail/mailman-announce/2004-May/000072.html\r\n [ 2 ] CAN-2004-0412\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0412\r\n\r\nAvailability\r\n============\r\n\r\nThis GLSA and any updates to it are available for viewing at\r\nthe Gentoo Security Website:\r\n\r\n http://security.gentoo.org/glsa/glsa-200406-04.xml\r\n\r\nConcerns?\r\n=========\r\n\r\nSecurity is a primary focus of Gentoo Linux and ensuring the\r\nconfidentiality and security of our users machines is of utmost\r\nimportance to us. 
Any security concerns should be addressed to\r\nsecurity@gentoo.org or alternatively, you may file a bug at\r\nhttp://bugs.gentoo.org.\r\n\r\nLicense\r\n=======\r\n\r\nCopyright 2004 Gentoo Technologies, Inc; referenced text\r\nbelongs to its owner(s).\r\n\r\nThe contents of this document are licensed under the\r\nCreative Commons - Attribution / Share Alike license.\r\n\r\nhttp://creativecommons.org/licenses/by-sa/1.0", "cvss3": {}, "published": "2004-06-09T00:00:00", "type": "securityvulns", "title": "[Full-Disclosure] [ GLSA 200406-04 ] Mailman: Member password disclosure vulnerability", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2004-0412"], "modified": "2004-06-09T00:00:00", "id": "SECURITYVULNS:DOC:6320", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:6320", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "freebsd": [{"lastseen": "2022-01-19T16:03:50", "description": "\n\nBarry Warsaw reports:\n\nToday I am releasing Mailman 2.1.5, a bug fix release\n\t [...] This version also contains a fix for an exploit that\n\t could allow 3rd parties to retrieve member passwords. 
It is\n\t thus highly recommended that all existing sites upgrade to\n\t the latest version.\n\n\n", "cvss3": {}, "published": "2004-05-15T00:00:00", "type": "freebsd", "title": "mailman -- password disclosure", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0412"], "modified": "2004-05-15T00:00:00", "id": "AD9D2518-3471-4737-B60B-9A1F51023B28", "href": "https://vuxml.freebsd.org/freebsd/ad9d2518-3471-4737-b60b-9a1f51023b28.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}]}