ID CVE-2005-4153
Summary Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to "fail with an Overflow on bad date data in a processed message," a different vulnerability than CVE-2005-3573.
References
Vulnerable Configurations
  • GNU Mailman 2.1.4
    cpe:2.3:a:gnu:mailman:2.1.4
  • GNU Mailman 2.1.5
    cpe:2.3:a:gnu:mailman:2.1.5
  • GNU Mailman 2.1.6
    cpe:2.3:a:gnu:mailman:2.1.6
CVSS
Base: 7.8 (as of 12-12-2005 - 17:52)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-955.NASL
    description Two denial of service bugs were found in the mailman list server. In one, attachment filenames containing UTF8 strings were not properly parsed, which could cause the server to crash. In another, a message containing a bad date string could cause a server crash. The old stable distribution (woody) is not vulnerable to this issue.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 22821
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22821
    title Debian DSA-955-1 : mailman - DoS
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-242-1.NASL
    description Aliet Santiesteban Sifontes discovered a remote Denial of Service vulnerability in the attachment handler. An email with an attachment whose filename contained invalid UTF-8 characters caused mailman to crash. (CVE-2005-3573) Mailman did not sufficiently verify the validity of email dates. Very large numbers in dates caused mailman to crash. (CVE-2005-4153). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-08-15
    plugin id 20789
    published 2006-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20789
    title Ubuntu 4.10 / 5.04 / 5.10 : mailman vulnerabilities (USN-242-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2006-0204.NASL
    description An updated mailman package that fixes two security issues is now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mailman is software to help manage email discussion lists. A flaw in handling of UTF8 character encodings was found in Mailman. An attacker could send a carefully crafted email message to a mailing list run by Mailman which would cause that particular mailing list to stop working. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-3573 to this issue. A flaw in date handling was found in Mailman version 2.1.4 through 2.1.6. An attacker could send a carefully crafted email message to a mailing list run by Mailman which would cause the Mailman server to crash. (CVE-2005-4153). Users of Mailman should upgrade to this updated package, which contains backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 21034
    published 2006-03-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21034
    title RHEL 3 / 4 : mailman (RHSA-2006:0204)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2006-0204.NASL
    description An updated mailman package that fixes two security issues is now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mailman is software to help manage email discussion lists. A flaw in handling of UTF8 character encodings was found in Mailman. An attacker could send a carefully crafted email message to a mailing list run by Mailman which would cause that particular mailing list to stop working. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-3573 to this issue. A flaw in date handling was found in Mailman version 2.1.4 through 2.1.6. An attacker could send a carefully crafted email message to a mailing list run by Mailman which would cause the Mailman server to crash. (CVE-2005-4153). Users of Mailman should upgrade to this updated package, which contains backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21892
    published 2006-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21892
    title CentOS 3 / 4 : mailman (CESA-2006:0204)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-222.NASL
    description Scrubber.py in Mailman 2.1.4 - 2.1.6 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service. (CVE-2005-3573) In addition, these versions of mailman have an issue where the server will fail with an Overflow on bad date data in a processed message. The version of mailman in Corporate Server 2.1 does not contain the above vulnerable code. Updated packages are patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20453
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20453
    title Mandrake Linux Security Advisory : mailman (MDKSA-2005:222)
oval via4
accepted 2013-04-29T04:07:31.173-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to "fail with an Overflow on bad date data in a processed message," a different vulnerability than CVE-2005-3573.
family unix
id oval:org.mitre.oval:def:10660
status accepted
submitted 2010-07-09T03:56:16-04:00
title Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to "fail with an Overflow on bad date data in a processed message," a different vulnerability than CVE-2005-3573.
version 23
redhat via4
advisories
bugzilla
id 176089
title CVE-2005-4153 Mailman DOS
oval
OR
  • AND
    comment Red Hat Enterprise Linux 3 is installed
    oval oval:com.redhat.rhsa:tst:20060015001
  • AND
    comment Red Hat Enterprise Linux 4 is installed
    oval oval:com.redhat.rhsa:tst:20060016001
rhsa
id RHSA-2006:0204
released 2006-03-07
severity Moderate
title RHSA-2006:0204: mailman security update (Moderate)
refmap via4
bid 16248
debian DSA-955
mandriva MDKSA-2005:222
osvdb 21723
secunia
  • 18449
  • 18456
  • 18612
  • 19167
  • 19196
  • 19532
sgi 20060401-01-U
trustix 2006-0012
ubuntu USN-242-1
xf mailman-utf8-scrubber-dos(23139)
Last major update 21-08-2010 - 00:00
Published 10-12-2005 - 21:03
Last modified 10-10-2017 - 21:30
Back to Top