Debian: FLSA:1734 Critical: Mailman Password Leak Attack
debian
July 22, 2004
A flaw in Mailman 2.1.* allows a remote attacker to retrieve the mailman password of any subscriber by sending a carefully crafted email request to the mailman server.
Topics Covered
Summary
1. Topic:
Updated mailman packages that fixes a remote security vulnerability are now
available.
2. Relevent releases/architectures:
Red Hat Linux 9 - i386
3. Problem description:
Mailman is software to help manage email discussion lists, much like
Majordomo and Smartmail. Unlike most similar products, Mailman gives each
mailing list a webpage, and allows users to subscribe, unsubscribe, etc.
over the Web. Even the list manager can administer his or her list
entirely from the Web. Mailman also integrates most things people want to
do with mailing lists, including archiving, mail <-> news gateways, and so
on.
A flaw in Mailman 2.1.* allows a remote attacker to retrieve the mailman
password of any subscriber by sending a carefully crafted email request to
the mailman server.
A simple patch is available and is fixed upstream in Mailman 2.1.5.
All users are advised to upgrade to these updated packages, which contain a
backported fix and are not vulnerable to this issue.
...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!