ID CVE-2002-0389
Summary Pipermail in Mailman stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives.
References
Vulnerable Configurations
  • cpe:2.3:a:gnu:mailman:*:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 28-12-2016 - 02:59)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: LOCAL
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:N/A:N
redhat via4
advisories
rhsa
id RHSA-2015:1417
rpms
  • mailman-3:2.1.12-25.el6
  • mailman-debuginfo-3:2.1.12-25.el6
refmap via4
bid 4538
bugtraq 20020417 Mailman/Pipermail private mailing list/local user vulnerability
misc http://sourceforge.net/tracker/?func=detail&atid=100103&aid=474616&group_id=103
xf pipermail-view-archives(8874)
statements via4
contributor Joshua Bressers
lastmodified 2016-12-27
organization Red Hat
statement Red Hat does not intend to take any action on this issue. This is the expected behavior of Mailman and is not considered to be a security flaw by upstream. If Mailman upstream addresses this issue in a future update, we may revisit our decision.
Last major update 28-12-2016 - 02:59
Published 18-06-2002 - 04:00
Last modified 28-12-2016 - 02:59