Ubuntu USN-345-1
Sep 13, 2006 - 12:00 a.m.

mailman vulnerabilities

ubuntu.com

AI Score: 6.3 Medium (Confidence: Low)

CVSS2: 6.8 Medium (AV:N/AC:M/Au:N/C:P/I:P/A:P)

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

EPSS: 0.321 Low (Percentile: 97.0%)

Releases

  • Ubuntu 6.06
  • Ubuntu 5.10
  • Ubuntu 5.04

Details

Steve Alexander discovered that mailman did not properly handle
attachments with special filenames. A remote user could exploit that
to stop mail delivery until the server administrator manually cleaned
these posts. (CVE-2006-2941)

Various cross-site scripting vulnerabilities have been reported by
Barry Warsaw. By using specially crafted email addresses, names, and
similar arbitrary user-defined strings, a remote attacker could
exploit this to run web script code in the list administrator’s
web browser. (CVE-2006-3636)

URLs logged to the error log file are now checked for invalid
characters. Before, specially crafted URLs could inject arbitrary
messages into the log.
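
The log-injection fix described above, sketched as an added example (this is not Mailman's code and not part of the advisory). The log layout, the function names and the choice of "printable ASCII only" as the valid set are assumptions, and the sample URL is constructed.

```python
import re

# Assumption: "invalid characters" means anything outside printable ASCII
# (so CR, LF and other control characters are rejected). The advisory does
# not list the exact set Mailman checks for.
INVALID = re.compile(r"[^\x20-\x7e]")

# Hypothetical log layout, one entry per line.
ENTRY = "Sep 13 00:00:00 2006 (1234) %s"


def log_unchecked(url):
    """'Before' behaviour: the requested URL is written to the log verbatim."""
    return ENTRY % ("No such list: " + url) + "\n"


def log_checked(url):
    """'After' behaviour: a URL with invalid characters is escaped and flagged."""
    if INVALID.search(url):
        # unicode_escape turns CR/LF into the two-character sequences \r and \n,
        # so the evidence is preserved but cannot start a new log entry.
        safe = url.encode("unicode_escape").decode("ascii")
        return ENTRY % ("Rejected URL with invalid characters: " + safe) + "\n"
    return ENTRY % ("No such list: " + url) + "\n"


def entry_count(log_text):
    """Number of entries a reader (or a log parser) would see."""
    return len(log_text.splitlines())


# Constructed sample input: a URL path carrying a decoded CR/LF followed by
# text shaped like a genuine log entry.
FORGED = "/mailman/listinfo/x\r\nSep 13 00:00:01 2006 (1234) constructed forged entry"
BENIGN = "/mailman/listinfo/no-such-list"

if __name__ == "__main__":
    for name, fn in (("unchecked", log_unchecked), ("checked", log_checked)):
        out = fn(FORGED)
        print(name, "->", entry_count(out), "entries")
        print(out, end="")
```

The unchecked writer yields two apparent entries from one request, while the checked writer keeps the whole URL on a single flagged line.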

OS      OS Version  Architecture  Package  Package Version     Filename
Ubuntu  6.06        noarch        mailman  < 2.1.5-9ubuntu4.1  UNKNOWN
Ubuntu  5.10        noarch        mailman  < 2.1.5-8ubuntu2.3  UNKNOWN
Ubuntu  5.04        noarch        mailman  < 2.1.5-7ubuntu0.3  UNKNOWN
