Debian: 2000-01 Advisory: Mailman Local Exploit and Mitigation Steps
debian
August 6, 2000
Exploit exists that could result in a malicious user obtaining group mailman permission.
Topics Covered
Summary
Package: mailman
Vulnerability: local mailman group exploit
Debian-specific: no
Former versions of mailman v2.0 came with a security problem,
introduced during the 2.0 beta cycle, that could be exploited by
clever local users to gain group mailman permission. No exploit does
exist at the moment, though.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
Debian GNU/Linux 2.1 alias slink
Slink comes with version 1.0 that is not vulnerable.
Debian 2.2 alias potato
- -----------------------
Potato comes with version 1.1 that is not vulnerable.
Debian Unstable alias woody
This version of Debian is not yet released and reflects the current
development release. Fixes are currently available for Intel ia32
and Motorola 680x0. Fixes for other architectures will be available
soon. In doubt, please recompile the package from source on your
own.
Source archives:
MD5 checksum: 177e666144c35d6b945b30dddf567fef
MD5 checksum: ...
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!