CVE-2005-3573
CVSS 5.0
Published: 2005-11-16 02:42:00
Last revised: 2011-03-07 21:26:47

[Original] Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash).


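[CNNVD] GNU Mailman Attachment Scrubber UTF8 Filename Denial of Service Vulnerability (CNNVD-200511-167)

        GNU Mailman is an open-source mailing list management system.
        Mailman's e-mail attachment scrubber has an implementation flaw that a remote attacker may exploit to carry out a denial-of-service attack against the server program. The attachment scrubber has a problem when handling malformed UTF8 files; a remote attacker can crash the mailing list manager by sending a message with a malformed UTF8 filename.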

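- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: PARTIAL [may cause reduced performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]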

- CPE (Affected Platforms and Products)

cpe:/a:gnu:mailman:2.0:beta4  GNU Mailman 2.0 beta4
cpe:/a:gnu:mailman:2.0.9  GNU Mailman 2.0.9
cpe:/a:gnu:mailman:2.1.3  GNU Mailman 2.1.3
cpe:/a:gnu:mailman:2.1  GNU Mailman 2.1
cpe:/a:gnu:mailman:2.0.2  GNU Mailman 2.0.2
cpe:/a:gnu:mailman:2.0:beta3  GNU Mailman 2.0 beta3
cpe:/a:gnu:mailman:2.0.8  GNU Mailman 2.0.8
cpe:/a:gnu:mailman:2.0.11  GNU Mailman 2.0.11
cpe:/a:gnu:mailman:2.1.2  GNU Mailman 2.1.2
cpe:/a:gnu:mailman:2.1.5.8  GNU Mailman 2.1.5.8
cpe:/a:gnu:mailman:2.0.6  GNU Mailman 2.0.6
cpe:/a:gnu:mailman:2.0.14  GNU Mailman 2.0.14
cpe:/a:gnu:mailman:2.1.1:beta1  GNU Mailman 2.1.1b1
cpe:/a:gnu:mailman:2.0.3  GNU Mailman 2.0.3
cpe:/a:gnu:mailman:2.0.10  GNU Mailman 2.0.10
cpe:/a:gnu:mailman:2.0.13  GNU Mailman 2.0.13
cpe:/a:gnu:mailman:2.1.5  GNU Mailman 2.1.5
cpe:/a:gnu:mailman:2.1.4  GNU Mailman 2.1.4
cpe:/a:gnu:mailman:2.0.7  GNU Mailman 2.0.7
cpe:/a:gnu:mailman:2.0.4  GNU Mailman 2.0.4
cpe:/a:gnu:mailman:2.0.1  GNU Mailman 2.0.1
cpe:/a:gnu:mailman:2.0:beta5  GNU Mailman 2.0 beta5
cpe:/a:gnu:mailman:2.0.5  GNU Mailman 2.0.5
cpe:/a:gnu:mailman:2.0.12  GNU Mailman 2.0.12

- OVAL (Technical Details for Detection)

oval:org.mitre.oval:def:10038  Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote att...
*OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the related OVAL definitions.

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3573
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3573
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200511-167
(Official data source) CNNVD

- Other Links and Resources

http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:222
(UNKNOWN)  MANDRIVA  MDKSA-2005:222
http://www.vupen.com/english/advisories/2005/2404
(UNKNOWN)  VUPEN  ADV-2005-2404
http://www.securityfocus.com/bid/15408
(UNKNOWN)  BID  15408
http://secunia.com/advisories/17874
(UNKNOWN)  SECUNIA  17874
http://secunia.com/advisories/17511
(VENDOR_ADVISORY)  SECUNIA  17511
http://mail.python.org/pipermail/mailman-users/2005-September/046523.html
(UNKNOWN)  MLIST  [Mailman-Users] 20050912 Uncaught runner exception: 'utf8' codec can't decode bytes in position 1-4: invalid data
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=327732
(UNKNOWN)  CONFIRM  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=327732
http://xforce.iss.net/xforce/xfdb/23139
(UNKNOWN)  XF  mailman-utf8-scrubber-dos(23139)
http://www.ubuntu.com/usn/usn-242-1
(UNKNOWN)  UBUNTU  USN-242-1
http://www.trustix.org/errata/2006/0012/
(UNKNOWN)  TRUSTIX  2006-0012
http://www.redhat.com/support/errata/RHSA-2006-0204.html
(UNKNOWN)  REDHAT  RHSA-2006:0204
http://www.osvdb.org/20819
(UNKNOWN)  OSVDB  20819
http://www.debian.org/security/2006/dsa-955
(UNKNOWN)  DEBIAN  DSA-955
http://securitytracker.com/id?1015735
(UNKNOWN)  SECTRACK  1015735
http://secunia.com/advisories/19532
(UNKNOWN)  SECUNIA  19532
http://secunia.com/advisories/19196
(UNKNOWN)  SECUNIA  19196
http://secunia.com/advisories/19167
(UNKNOWN)  SECUNIA  19167
http://secunia.com/advisories/18612
(UNKNOWN)  SECUNIA  18612
http://secunia.com/advisories/18503
(UNKNOWN)  SECUNIA  18503
http://secunia.com/advisories/18456
(UNKNOWN)  SECUNIA  18456
http://lists.suse.com/archive/suse-security-announce/2006-Jan/0003.html
(UNKNOWN)  SUSE  SUSE-SR:2006:001
ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U
(UNKNOWN)  SGI  20060401-01-U

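- Vulnerability Information

GNU Mailman Attachment Scrubber UTF8 Filename Denial of Service Vulnerability
Medium severity  Authorization issue
2005-11-16 00:00:00 2006-01-19 00:00:00
Remote
        GNU Mailman is an open-source mailing list management system.
        Mailman's e-mail attachment scrubber has an implementation flaw that a remote attacker may exploit to carry out a denial-of-service attack against the server program. The attachment scrubber has a problem when handling malformed UTF8 files; a remote attacker can crash the mailing list manager by sending a message with a malformed UTF8 filename.

- Advisories and Patches

        No data available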

- Vulnerability Information (F43253)

Ubuntu Security Notice 242-1 (PacketStormID:F43253)
2006-01-21 00:00:00
Ubuntu  security.ubuntu.com
advisory,remote,denial of service
linux,ubuntu
CVE-2005-3573,CVE-2005-4153

Ubuntu Security Notice USN-242-1 - Aliet Santiesteban Sifontes discovered a remote denial of service vulnerability in the attachment handler of mailman. An email with an attachment whose filename contained invalid UTF-8 characters caused mailman to crash. Mailman did not sufficiently verify the validity of email dates. Very large numbers in dates caused mailman to crash.

===========================================================
Ubuntu Security Notice USN-242-1	   January 16, 2006
mailman vulnerabilities
CVE-2005-3573, CVE-2005-4153
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

mailman

The problem can be corrected by upgrading the affected package to
version 2.1.5-1ubuntu2.5 (for Ubuntu 4.10), 2.1.5-7ubuntu0.1 (for
Ubuntu 5.04), or 2.1.5-8ubuntu2.1 (for Ubuntu 5.10).  In general, a
standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Aliet Santiesteban Sifontes discovered a remote Denial of Service
vulnerability in the attachment handler. An email with an attachment
whose filename contained invalid UTF-8 characters caused mailman to
crash. (CVE-2005-3573)

Mailman did not sufficiently verify the validity of email dates. Very
large numbers in dates caused mailman to crash. (CVE-2005-4153)


Updated packages for Ubuntu 4.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1ubuntu2.5.diff.gz
      Size/MD5:   128899 1686924bbacf9fefa556fd7f1e8f74dc
    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1ubuntu2.5.dsc
      Size/MD5:      658 65e41dc9eb2456d8189aea0eb4df64ae
    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5.orig.tar.gz
      Size/MD5:  5745912 f5f56f04747cd4aff67427e7a45631af

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1ubuntu2.5_amd64.deb
      Size/MD5:  6602720 b559d0c6c0c8d97dc6ea342a4911d154

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1ubuntu2.5_i386.deb
      Size/MD5:  6602194 ad5e65cead5a9d90ddbffc736337fb94

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1ubuntu2.5_powerpc.deb
      Size/MD5:  6611016 89feb8e459fa9f34ff91c8bbf75f3a80

Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-7ubuntu0.1.diff.gz
      Size/MD5:   118355 78b91e2f11e438ef259c3e67e6fd1d47
    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-7ubuntu0.1.dsc
      Size/MD5:      669 99b42b16f8c4ba4e8acacc73920d1639
    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5.orig.tar.gz
      Size/MD5:  5745912 f5f56f04747cd4aff67427e7a45631af

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-7ubuntu0.1_amd64.deb
      Size/MD5:  6609778 28b3e1f005cbcc097fb084ba3b0c313b

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-7ubuntu0.1_i386.deb
      Size/MD5:  6609308 f80df6c6bc8f6a028d065c8892849569

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-7ubuntu0.1_powerpc.deb
      Size/MD5:  6616534 f33e0b4a6d2afea8aa96f3e86fdfe579

Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-8ubuntu2.1.diff.gz
      Size/MD5:   194039 fd67dfe7d97bd94e9ad0e0575599639d
    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-8ubuntu2.1.dsc
      Size/MD5:      626 63366d888d62e4769c331c7303716c2e
    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5.orig.tar.gz
      Size/MD5:  5745912 f5f56f04747cd4aff67427e7a45631af

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-8ubuntu2.1_amd64.deb
      Size/MD5:  6610440 165e35634f6767fbab615e9407eec4c8

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-8ubuntu2.1_i386.deb
      Size/MD5:  6609374 03e1822d1085b4ff27d3ecb2912048bf

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-8ubuntu2.1_powerpc.deb
      Size/MD5:  6617106 522653cd7ecdce70366a2d80b5b97460
    

- Vulnerability Information (F42047)

Mandriva Linux Security Advisory 2005.222 (PacketStormID:F42047)
2005-12-03 00:00:00
Mandriva  mandriva.com
advisory,remote,denial of service,overflow
linux,mandriva
CVE-2005-3573

Mandriva Linux Security Advisory - Scrubber.py in Mailman 2.1.4 through 2.1.6 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service. In addition, these versions of mailman have an issue where the server will fail with an overflow on bad date data in a processed message.


 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2005:222
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : mailman
 Date    : December 2, 2005
 Affected: 10.1, 10.2, 2006.0, Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 Scrubber.py in Mailman 2.1.4 - 2.1.6 does not properly handle UTF8
 character encodings in filenames of e-mail attachments, which allows
 remote attackers to cause a denial of service. (CVE-2005-3573)
 
 In addition, these versions of mailman have an issue where the server
 will fail with an Overflow on bad date data in a processed message.
 
 The version of mailman in Corporate Server 2.1 does not contain the
 above vulnerable code.
 
 Updated packages are patched to correct these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3573
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 10.1:
 b62f2bdad4a9295bcedec597f5479843  10.1/RPMS/mailman-2.1.5-7.5.101mdk.i586.rpm
 4ebd694b50ccbc9f2b602676840c4bc9  10.1/SRPMS/mailman-2.1.5-7.5.101mdk.src.rpm

 Mandriva Linux 10.1/X86_64:
 a887edf3dd65a418c441fae7588f7e5e  x86_64/10.1/RPMS/mailman-2.1.5-7.5.101mdk.x86_64.rpm
 4ebd694b50ccbc9f2b602676840c4bc9  x86_64/10.1/SRPMS/mailman-2.1.5-7.5.101mdk.src.rpm

 Mandriva Linux 10.2:
 99e3dbde709dfa5eb7bd71041adf41be  10.2/RPMS/mailman-2.1.5-15.2.102mdk.i586.rpm
 c01867687ff9c78b4c1e2da9d70c4f11  10.2/SRPMS/mailman-2.1.5-15.2.102mdk.src.rpm

 Mandriva Linux 10.2/X86_64:
 c66dd1916ba0d8ecf8796b1890a064fd  x86_64/10.2/RPMS/mailman-2.1.5-15.2.102mdk.x86_64.rpm
 c01867687ff9c78b4c1e2da9d70c4f11  x86_64/10.2/SRPMS/mailman-2.1.5-15.2.102mdk.src.rpm

 Mandriva Linux 2006.0:
 f917270b5334f62843bbdb4a06d12ae0  2006.0/RPMS/mailman-2.1.6-6.2.20060mdk.i586.rpm
 15bc0be9373657ac39a9e3956de90801  2006.0/SRPMS/mailman-2.1.6-6.2.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 e92b1dd1ae0bfe3bbc61ba5d6f3b52c3  x86_64/2006.0/RPMS/mailman-2.1.6-6.2.20060mdk.x86_64.rpm
 15bc0be9373657ac39a9e3956de90801  x86_64/2006.0/SRPMS/mailman-2.1.6-6.2.20060mdk.src.rpm

 Corporate 3.0:
 867bdc1fe018e94eb4d5352fc69747ae  corporate/3.0/RPMS/mailman-2.1.4-2.5.C30mdk.i586.rpm
 572477eb207dadbabc22b0e53b0c2b2b  corporate/3.0/SRPMS/mailman-2.1.4-2.5.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 8a4cc67f45481e9d4b25c41e80f54809  x86_64/corporate/3.0/RPMS/mailman-2.1.4-2.5.C30mdk.x86_64.rpm
 572477eb207dadbabc22b0e53b0c2b2b  x86_64/corporate/3.0/SRPMS/mailman-2.1.4-2.5.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

- Vulnerability Information

20819
Mailman Scrubber.py utf8 Filename Processing DoS
Denial of Service
Loss of Availability
Vendor Verified

- Vulnerability Description

Unknown or Incomplete

- Timeline

2005-09-11 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

GNU Mailman Attachment Scrubber UTF8 Filename Denial Of Service Vulnerability
Failure to Handle Exceptional Conditions 15408
Yes No
2005-11-14 12:00:00 2006-08-17 03:35:00
Discovery is credited to Aliet Santiesteban Sifontes.

- Affected Program Versions

Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
Trustix Secure Linux 3.0
Trustix Secure Linux 2.2
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
SGI ProPack 3.0 SP6
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 9.0 x86_64
S.u.S.E. Linux Professional 9.0
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
GNU Mailman 2.1.10 b1
GNU Mailman 2.1.5
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ Red Hat Enterprise Linux AS 4
+ Red Hat Enterprise Linux AS 3
+ RedHat Enterprise Linux Desktop version 4
+ RedHat Enterprise Linux ES 4
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 4
+ RedHat Enterprise Linux WS 3
GNU Mailman 2.1.4
+ MandrakeSoft Corporate Server 3.0
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
GNU Mailman 2.1.3
GNU Mailman 2.1.2
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
GNU Mailman 2.1.1
+ RedHat Linux 9.0 i386
+ RedHat Linux 7.3 i686
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
GNU Mailman 2.1
GNU Mailman 2.0.14
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
GNU Mailman 2.0.13
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
GNU Mailman 2.0.12
GNU Mailman 2.0.11
+ Debian Linux 3.0
GNU Mailman 2.0.10
GNU Mailman 2.0.9
GNU Mailman 2.0.8
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Conectiva Linux 5.1
+ Conectiva Linux 5.0
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
- RedHat PowerTools 7.1
- RedHat PowerTools 7.0
GNU Mailman 2.0.7
GNU Mailman 2.0.6
GNU Mailman 2.0.5
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Conectiva Linux 5.1
+ Conectiva Linux 5.0
+ Conectiva Linux 4.2
+ Conectiva Linux 4.1
- Debian Linux 2.2 sparc
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 arm
- Debian Linux 2.2 alpha
- Debian Linux 2.2 68k
- Debian Linux 2.2
- FreeBSD FreeBSD 4.3
- HP HP-UX 11.11
- HP HP-UX 11.0
- HP HP-UX 10.20
- Mandriva Linux Mandrake 8.0
- Mandriva Linux Mandrake 7.2
- Mandriva Linux Mandrake 7.1
- NetBSD NetBSD 1.5.2
- NetBSD NetBSD 1.5.1
- OpenBSD OpenBSD 2.9
- OpenBSD OpenBSD 2.8
- OpenBSD OpenBSD 2.7
- RedHat Linux 7.1
- RedHat Linux 7.0
- S.u.S.E. Linux 7.2
- S.u.S.E. Linux 7.1
- S.u.S.E. Linux 7.0
- Slackware Linux 8.0
- Slackware Linux 7.1
- Slackware Linux 7.0
- Sun Solaris 8_sparc
- Sun Solaris 7.0
- Sun Solaris 2.6
GNU Mailman 2.0.4
GNU Mailman 2.0.4
GNU Mailman 2.0.3
GNU Mailman 2.0.2
GNU Mailman 2.0.1
GNU Mailman 2.0 beta5
+ RedHat Secure Web Server 3.2 i386
GNU Mailman 2.0 beta4
- BSDI BSD/OS 4.0
- Conectiva Linux 5.1
- Conectiva Linux 5.0
- Conectiva Linux 4.2
- Conectiva Linux 4.1
- Debian Linux 2.2
- Debian Linux 2.1
- Digital UNIX 4.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- FreeBSD FreeBSD 3.5
- HP HP-UX 11.0
- HP HP-UX 10.20
- IBM AIX 4.3
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
+ RedHat Secure Web Server 3.2 i386
+ RedHat Secure Web Server 3.1 sparc
+ RedHat Secure Web Server 3.1 i386
+ RedHat Secure Web Server 3.1 alpha
+ RedHat Secure Web Server 3.0 i386
- SGI IRIX 6.5
- Sun Solaris 8_sparc
- Sun Solaris 7.0
GNU Mailman 2.0 beta3
- BSDI BSD/OS 4.0
- Conectiva Linux 5.1
- Conectiva Linux 5.0
- Conectiva Linux 4.2
- Conectiva Linux 4.1
- Debian Linux 2.2
- Debian Linux 2.1
- Digital UNIX 4.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- FreeBSD FreeBSD 3.5
- HP HP-UX 11.0
- HP HP-UX 10.20
- IBM AIX 4.3
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
+ RedHat Secure Web Server 3.2 i386
+ RedHat Secure Web Server 3.1 sparc
+ RedHat Secure Web Server 3.1 i386
+ RedHat Secure Web Server 3.1 alpha
+ RedHat Secure Web Server 3.0 i386
- SGI IRIX 6.5
- Sun Solaris 8_sparc
- Sun Solaris 7.0
GNU Mailman 2.0 .8
GNU Mailman 2.0 .7
GNU Mailman 2.0 .6
+ RedHat Linux 7.2 i386
GNU Mailman 2.0 .5
GNU Mailman 2.0 .3
GNU Mailman 2.0 .2
GNU Mailman 2.0 .1
GNU Mailman 2.0
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1

- Vulnerability Discussion

GNU Mailman is prone to denial-of-service attacks. This issue affects the attachment-scrubber utility.

The vulnerability could be triggered by mailing-list posts and will impact the availability of mailing lists hosted by the application.

- Exploit

An exploit is not required.

- Solution

Please see the referenced advisories for more information.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.


GNU Mailman 2.1.4

GNU Mailman 2.1.5

- Related References
