ID CVE-2006-2941
Summary Mailman before 2.1.9rc1 allows remote attackers to cause a denial of service via unspecified vectors involving "standards-breaking RFC 2231 formatted headers".
References
Vulnerable Configurations
  • GNU Mailman 2.1
    cpe:2.3:a:gnu:mailman:2.1
  • GNU Mailman 2.1.1
    cpe:2.3:a:gnu:mailman:2.1.1
  • GNU Mailman 2.1.1b1
    cpe:2.3:a:gnu:mailman:2.1.1:beta1
  • GNU Mailman 2.1.2
    cpe:2.3:a:gnu:mailman:2.1.2
  • GNU Mailman 2.1.3
    cpe:2.3:a:gnu:mailman:2.1.3
  • GNU Mailman 2.1.4
    cpe:2.3:a:gnu:mailman:2.1.4
  • GNU Mailman 2.1.5
    cpe:2.3:a:gnu:mailman:2.1.5
  • GNU Mailman 2.1.5.8
    cpe:2.3:a:gnu:mailman:2.1.5.8
  • GNU Mailman 2.1.6
    cpe:2.3:a:gnu:mailman:2.1.6
  • GNU Mailman 2.1.7
    cpe:2.3:a:gnu:mailman:2.1.7
  • GNU Mailman 2.1.8
    cpe:2.3:a:gnu:mailman:2.1.8
  • GNU Mailman 2.1b1
    cpe:2.3:a:gnu:mailman:2.1b1
CVSS
Base: 5.0 (as of 06-09-2006 - 10:58)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: NONE
  Integrity: NONE
  Availability: PARTIAL
nessus via4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-345-1.NASL
    description Steve Alexander discovered that mailman did not properly handle attachments with special filenames. A remote user could exploit that to stop mail delivery until the server administrator manually cleaned these posts. (CVE-2006-2941) Various cross-site scripting vulnerabilities have been reported by Barry Warsaw. By using specially crafted email addresses, names, and similar arbitrary user-defined strings, a remote attacker could exploit this to run web script code in the list administrator's web browser. (CVE-2006-3636) URLs logged to the error log file are now checked for invalid characters. Before, specially crafted URLs could inject arbitrary messages into the log. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 27924
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27924
    title Ubuntu 5.04 / 5.10 / 6.06 LTS : mailman vulnerabilities (USN-345-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-165.NASL
    description A flaw was discovered in how Mailman handles MIME multipart messages where an attacker could send a carefully-crafted MIME multipart message to a Mailman-run mailing list causing that mailing list to stop working (CVE-2006-2941). As well, a number of XSS (cross-site scripting) issues were discovered that could be exploited to perform XSS attacks against the Mailman administrator (CVE-2006-3636). Finally, a CRLF injection vulnerability allows remote attackers to spoof messages in the error log (CVE-2006-4624). Updated packages have been patched to address these issues.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 23909
    published 2006-12-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23909
    title Mandrake Linux Security Advisory : mailman (MDKSA-2006:165)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_MAILMAN-2170.NASL
    description This update of mailman fixes the following security issues : - A malicious user could visit a specially crafted URI and inject an apparent log message into Mailman's error log which might induce an unsuspecting administrator to visit a phishing site. This has been blocked. Thanks to Moritz Naumann for its discovery. - Fixed denial of service attack which can be caused by some standards-breaking RFC 2231 formatted headers. CVE-2006-2941. - Several cross-site scripting issues have been fixed. Thanks to Moritz Naumann for their discovery. CVE-2006-3636 - Fixed an unexploitable format string vulnerability. Discovery and fix by Karl Chen. Analysis of non-exploitability by Martin 'Joey' Schulze. Also thanks go to Lionel Elie Mamane. CVE-2006-2191.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27344
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27344
    title openSUSE 10 Security Update : mailman (mailman-2170)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2006-0600.NASL
    description Updated mailman packages that fix security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mailman is a program used to help manage email discussion lists. A flaw was found in the way Mailman handled MIME multipart messages. An attacker could send a carefully crafted MIME multipart email message to a mailing list run by Mailman which caused that particular mailing list to stop working. (CVE-2006-2941) Several cross-site scripting (XSS) issues were found in Mailman. An attacker could exploit these issues to perform cross-site scripting attacks against the Mailman administrator. (CVE-2006-3636) Red Hat would like to thank Barry Warsaw for disclosing these vulnerabilities. Users of Mailman should upgrade to these updated packages, which contain backported patches to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 22320
    published 2006-09-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22320
    title CentOS 3 / 4 : mailman (CESA-2006:0600)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2006-0600.NASL
    description Updated mailman packages that fix security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mailman is a program used to help manage email discussion lists. A flaw was found in the way Mailman handled MIME multipart messages. An attacker could send a carefully crafted MIME multipart email message to a mailing list run by Mailman which caused that particular mailing list to stop working. (CVE-2006-2941) Several cross-site scripting (XSS) issues were found in Mailman. An attacker could exploit these issues to perform cross-site scripting attacks against the Mailman administrator. (CVE-2006-3636) Red Hat would like to thank Barry Warsaw for disclosing these vulnerabilities. Users of Mailman should upgrade to these updated packages, which contain backported patches to correct this issue.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 22330
    published 2006-09-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22330
    title RHEL 3 / 4 : mailman (RHSA-2006:0600)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200609-12.NASL
    description The remote host is affected by the vulnerability described in GLSA-200609-12 (Mailman: Multiple vulnerabilities) Mailman fails to properly handle standards-breaking RFC 2231 formatted headers. Furthermore, Moritz Naumann discovered several XSS vulnerabilities and a log file injection. Impact : An attacker could exploit these vulnerabilities to cause Mailman to stop processing mails, to inject content into the log file or to execute arbitrary scripts running in the context of the administrator or mailing list user's browser. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 22429
    published 2006-09-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22429
    title GLSA-200609-12 : Mailman: Multiple vulnerabilities
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2006-0600.NASL
    description From Red Hat Security Advisory 2006:0600 : Updated mailman packages that fix security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mailman is a program used to help manage email discussion lists. A flaw was found in the way Mailman handled MIME multipart messages. An attacker could send a carefully crafted MIME multipart email message to a mailing list run by Mailman which caused that particular mailing list to stop working. (CVE-2006-2941) Several cross-site scripting (XSS) issues were found in Mailman. An attacker could exploit these issues to perform cross-site scripting attacks against the Mailman administrator. (CVE-2006-3636) Red Hat would like to thank Barry Warsaw for disclosing these vulnerabilities. Users of Mailman should upgrade to these updated packages, which contain backported patches to correct this issue.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67397
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67397
    title Oracle Linux 3 / 4 : mailman (ELSA-2006-0600)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_MAILMAN-2174.NASL
    description This update of mailman fixes the following security issues : - A malicious user could visit a specially crafted URI and inject an apparent log message into Mailman's error log which might induce an unsuspecting administrator to visit a phishing site. This has been blocked. Thanks to Moritz Naumann for its discovery. - Fixed denial of service attack which can be caused by some standards-breaking RFC 2231 formatted headers. CVE-2006-2941. - Several cross-site scripting issues have been fixed. Thanks to Moritz Naumann for their discovery. CVE-2006-3636: - Fixed an unexploitable format string vulnerability. Discovery and fix by Karl Chen. Analysis of non-exploitability by Martin 'Joey' Schulze. Also thanks go to Lionel Elie Mamane. CVE-2006-2191.
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29519
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29519
    title SuSE 10 Security Update : mailman (ZYPP Patch Number 2174)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_11243.NASL
    description This update of mailman fixes the following security issues : - A malicious user could visit a specially crafted URI and inject an apparent log message into Mailman's error log which might induce an unsuspecting administrator to visit a phishing site. This has been blocked. Thanks to Moritz Naumann for its discovery. - Fixed denial of service attack which can be caused by some standards-breaking RFC 2231 formatted headers. CVE-2006-2941. - Several cross-site scripting issues have been fixed. Thanks to Moritz Naumann for their discovery. CVE-2006-3636 - Fixed an unexploitable format string vulnerability. Discovery and fix by Karl Chen. Analysis of non-exploitability by Martin 'Joey' Schulze. Also thanks go to Lionel Elie Mamane. CVE-2006-2191.
    last seen 2019-02-21
    modified 2012-04-23
    plugin id 41102
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41102
    title SuSE9 Security Update : mailman (YOU Patch Number 11243)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_FFFA92573C1711DB86AB00123FFE8333.NASL
    description Secunia reports : Mailman can be exploited by malicious people to conduct cross-site scripting and phishing attacks, and cause a DoS (Denial of Service). 1) An error in the logging functionality can be exploited to inject a spoofed log message into the error log via a specially crafted URL. Successful exploitation may trick an administrator into visiting a malicious website. 2) An error in the processing of malformed headers which does not follow the RFC 2231 standard can be exploited to cause a DoS (Denial of Service). 3) Some unspecified input isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 22304
    published 2006-09-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22304
    title FreeBSD : mailman -- Multiple Vulnerabilities (fffa9257-3c17-11db-86ab-00123ffe8333)
oval via4
accepted 2013-04-29T04:23:16.916-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description Mailman before 2.1.9rc1 allows remote attackers to cause a denial of service via unspecified vectors involving "standards-breaking RFC 2231 formatted headers".
family unix
id oval:org.mitre.oval:def:9912
status accepted
submitted 2010-07-09T03:56:16-04:00
title Mailman before 2.1.9rc1 allows remote attackers to cause a denial of service via unspecified vectors involving "standards-breaking RFC 2231 formatted headers".
version 23
redhat via4
advisories
rhsa
id RHSA-2006:0600
refmap via4
bid 19831
confirm http://sourceforge.net/project/shownotes.php?group_id=103&release_id=444295
gentoo GLSA-200609-12
mandriva MDKSA-2006:165
misc http://svn.sourceforge.net/viewvc/mailman/trunk/mailman/Mailman/Utils.py?r1=7859&r2=7923
mlist [Mailman-Announce] 20060913 RELEASED: Mailman 2.1.9
sectrack 1016808
secunia
  • 21732
  • 21792
  • 21837
  • 21879
  • 22011
  • 22020
  • 22639
suse SUSE-SR:2006:025
ubuntu USN-345-1
vupen ADV-2006-3446
xf mailman-headers-dos(28732)
Last major update 07-03-2011 - 21:37
Published 05-09-2006 - 20:04
Last modified 10-10-2017 - 21:30