ID CVE-2006-3636
Summary Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Vulnerable Configurations
  • GNU Mailman 2.1
    cpe:2.3:a:gnu:mailman:2.1
  • GNU Mailman 2.1.1
    cpe:2.3:a:gnu:mailman:2.1.1
  • GNU Mailman 2.1.1b1
    cpe:2.3:a:gnu:mailman:2.1.1:beta1
  • GNU Mailman 2.1.2
    cpe:2.3:a:gnu:mailman:2.1.2
  • GNU Mailman 2.1.3
    cpe:2.3:a:gnu:mailman:2.1.3
  • GNU Mailman 2.1.4
    cpe:2.3:a:gnu:mailman:2.1.4
  • GNU Mailman 2.1.5
    cpe:2.3:a:gnu:mailman:2.1.5
  • GNU Mailman 2.1.5.8
    cpe:2.3:a:gnu:mailman:2.1.5.8
  • GNU Mailman 2.1.6
    cpe:2.3:a:gnu:mailman:2.1.6
  • GNU Mailman 2.1.7
    cpe:2.3:a:gnu:mailman:2.1.7
  • GNU Mailman 2.1.8
    cpe:2.3:a:gnu:mailman:2.1.8
  • GNU Mailman 2.1b1
    cpe:2.3:a:gnu:mailman:2.1b1
CVSS
Base: 6.8 (as of 06-09-2006 - 11:06)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity MEDIUM
  • Authentication NONE
Impact
  • Confidentiality PARTIAL
  • Integrity PARTIAL
  • Availability PARTIAL
exploit-db via4
description Mailman 2.1.x Multiple Input Validation Vulnerabilities. CVE-2006-3636. Webapps exploit for cgi platform
id EDB-ID:28570
last seen 2016-02-03
modified 2006-09-14
published 2006-09-14
reporter Moritz Naumann
source https://www.exploit-db.com/download/28570/
title Mailman 2.1.x - Multiple Input Validation Vulnerabilities
nessus via4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-345-1.NASL
    description Steve Alexander discovered that mailman did not properly handle attachments with special filenames. A remote user could exploit that to stop mail delivery until the server administrator manually cleaned these posts. (CVE-2006-2941) Various cross-site scripting vulnerabilities have been reported by Barry Warsaw. By using specially crafted email addresses, names, and similar arbitrary user-defined strings, a remote attacker could exploit this to run web script code in the list administrator's web browser. (CVE-2006-3636) URLs logged to the error log file are now checked for invalid characters. Before, specially crafted URLs could inject arbitrary messages into the log. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 27924
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27924
    title Ubuntu 5.04 / 5.10 / 6.06 LTS : mailman vulnerabilities (USN-345-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1188.NASL
    description Several security related problems have been discovered in mailman, the web-based GNU mailing list manager. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-3636 Moritz Naumann discovered several cross-site scripting problems that could allow remote attackers to inject arbitrary web script code or HTML. - CVE-2006-4624 Moritz Naumann discovered that a remote attacker can inject arbitrary strings into the logfile.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 22730
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22730
    title Debian DSA-1188-1 : mailman - format string
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-165.NASL
    description A flaw was discovered in how Mailman handles MIME multipart messages where an attacker could send a carefully-crafted MIME multipart message to a Mailman-run mailing list causing that mailing list to stop working (CVE-2006-2941). As well, a number of XSS (cross-site scripting) issues were discovered that could be exploited to perform XSS attacks against the Mailman administrator (CVE-2006-3636). Finally, a CRLF injection vulnerability allows remote attackers to spoof messages in the error log (CVE-2006-4624). Updated packages have been patched to address these issues.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 23909
    published 2006-12-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23909
    title Mandrake Linux Security Advisory : mailman (MDKSA-2006:165)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_MAILMAN-2170.NASL
    description This update of mailman fixes the following security issues : - A malicious user could visit a specially crafted URI and inject an apparent log message into Mailman's error log which might induce an unsuspecting administrator to visit a phishing site. This has been blocked. Thanks to Moritz Naumann for its discovery. - Fixed denial of service attack which can be caused by some standards-breaking RFC 2231 formatted headers. CVE-2006-2941. - Several cross-site scripting issues have been fixed. Thanks to Moritz Naumann for their discovery. CVE-2006-3636 - Fixed an unexploitable format string vulnerability. Discovery and fix by Karl Chen. Analysis of non-exploitability by Martin 'Joey' Schulze. Also thanks go to Lionel Elie Mamane. CVE-2006-2191.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27344
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27344
    title openSUSE 10 Security Update : mailman (mailman-2170)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2006-0600.NASL
    description Updated mailman packages that fix security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mailman is a program used to help manage email discussion lists. A flaw was found in the way Mailman handled MIME multipart messages. An attacker could send a carefully crafted MIME multipart email message to a mailing list run by Mailman which caused that particular mailing list to stop working. (CVE-2006-2941) Several cross-site scripting (XSS) issues were found in Mailman. An attacker could exploit these issues to perform cross-site scripting attacks against the Mailman administrator. (CVE-2006-3636) Red Hat would like to thank Barry Warsaw for disclosing these vulnerabilities. Users of Mailman should upgrade to these updated packages, which contain backported patches to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 22320
    published 2006-09-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22320
    title CentOS 3 / 4 : mailman (CESA-2006:0600)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2006-0600.NASL
    description Updated mailman packages that fix security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mailman is a program used to help manage email discussion lists. A flaw was found in the way Mailman handled MIME multipart messages. An attacker could send a carefully crafted MIME multipart email message to a mailing list run by Mailman which caused that particular mailing list to stop working. (CVE-2006-2941) Several cross-site scripting (XSS) issues were found in Mailman. An attacker could exploit these issues to perform cross-site scripting attacks against the Mailman administrator. (CVE-2006-3636) Red Hat would like to thank Barry Warsaw for disclosing these vulnerabilities. Users of Mailman should upgrade to these updated packages, which contain backported patches to correct this issue.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 22330
    published 2006-09-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22330
    title RHEL 3 / 4 : mailman (RHSA-2006:0600)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2006-0600.NASL
    description From Red Hat Security Advisory 2006:0600 : Updated mailman packages that fix security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mailman is a program used to help manage email discussion lists. A flaw was found in the way Mailman handled MIME multipart messages. An attacker could send a carefully crafted MIME multipart email message to a mailing list run by Mailman which caused that particular mailing list to stop working. (CVE-2006-2941) Several cross-site scripting (XSS) issues were found in Mailman. An attacker could exploit these issues to perform cross-site scripting attacks against the Mailman administrator. (CVE-2006-3636) Red Hat would like to thank Barry Warsaw for disclosing these vulnerabilities. Users of Mailman should upgrade to these updated packages, which contain backported patches to correct this issue.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67397
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67397
    title Oracle Linux 3 / 4 : mailman (ELSA-2006-0600)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_MAILMAN-2174.NASL
    description This update of mailman fixes the following security issues : - A malicious user could visit a specially crafted URI and inject an apparent log message into Mailman's error log which might induce an unsuspecting administrator to visit a phishing site. This has been blocked. Thanks to Moritz Naumann for its discovery. - Fixed denial of service attack which can be caused by some standards-breaking RFC 2231 formatted headers. CVE-2006-2941. - Several cross-site scripting issues have been fixed. Thanks to Moritz Naumann for their discovery. CVE-2006-3636: - Fixed an unexploitable format string vulnerability. Discovery and fix by Karl Chen. Analysis of non-exploitability by Martin 'Joey' Schulze. Also thanks go to Lionel Elie Mamane. CVE-2006-2191.
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29519
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29519
    title SuSE 10 Security Update : mailman (ZYPP Patch Number 2174)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_11243.NASL
    description This update of mailman fixes the following security issues : - A malicious user could visit a specially crafted URI and inject an apparent log message into Mailman's error log which might induce an unsuspecting administrator to visit a phishing site. This has been blocked. Thanks to Moritz Naumann for its discovery. - Fixed denial of service attack which can be caused by some standards-breaking RFC 2231 formatted headers. CVE-2006-2941. - Several cross-site scripting issues have been fixed. Thanks to Moritz Naumann for their discovery. CVE-2006-3636 - Fixed an unexploitable format string vulnerability. Discovery and fix by Karl Chen. Analysis of non-exploitability by Martin 'Joey' Schulze. Also thanks go to Lionel Elie Mamane. CVE-2006-2191.
    last seen 2019-02-21
    modified 2012-04-23
    plugin id 41102
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41102
    title SuSE9 Security Update : mailman (YOU Patch Number 11243)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_FFFA92573C1711DB86AB00123FFE8333.NASL
    description Secunia reports : Mailman can be exploited by malicious people to conduct cross-site scripting and phishing attacks, and cause a DoS (Denial of Service). 1) An error in the logging functionality can be exploited to inject a spoofed log message into the error log via a specially crafted URL. Successful exploitation may trick an administrator into visiting a malicious website. 2) An error in the processing of malformed headers which does not follow the RFC 2231 standard can be exploited to cause a DoS (Denial of Service). 3) Some unspecified input isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 22304
    published 2006-09-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22304
    title FreeBSD : mailman -- Multiple Vulnerabilities (fffa9257-3c17-11db-86ab-00123ffe8333)
oval via4
accepted 2013-04-29T04:06:39.552-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
family unix
id oval:org.mitre.oval:def:10553
status accepted
submitted 2010-07-09T03:56:16-04:00
title Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
version 23
packetstorm via4
data source https://packetstormsecurity.com/files/download/50027/0013.txt
id PACKETSTORM:50027
last seen 2016-12-05
published 2006-09-14
reporter Moritz Naumann
source https://packetstormsecurity.com/files/50027/0013.txt.html
title 0013.txt
redhat via4
advisories
bugzilla
id 203704
title CVE-2006-3636 Mailman XSS issues
oval
OR
  • AND
    comment Red Hat Enterprise Linux 3 is installed
    oval oval:com.redhat.rhsa:tst:20060015001
  • AND
    comment Red Hat Enterprise Linux 4 is installed
    oval oval:com.redhat.rhsa:tst:20060016001
rhsa
id RHSA-2006:0600
released 2006-09-06
severity Moderate
title RHSA-2006:0600: mailman security update (Moderate)
refmap via4
bid
  • 19831
  • 20021
bugtraq 20060913 Mailman 2.1.8 Multiple Security Issues
confirm http://sourceforge.net/project/shownotes.php?group_id=103&release_id=444295
debian DSA-1188
gentoo GLSA-200609-12
mandriva MDKSA-2006:165
misc http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt
mlist [Mailman-Announce] 20060913 RELEASED: Mailman 2.1.9
sectrack 1016808
secunia
  • 21732
  • 21792
  • 21879
  • 22011
  • 22020
  • 22227
  • 22639
suse SUSE-SR:2006:025
ubuntu USN-345-1
vupen ADV-2006-3446
xf mailman-unspecified-xss(28731)
Last major update 07-03-2011 - 21:39
Published 05-09-2006 - 20:04
Last modified 18-10-2018 - 12:48