SecurityTracker.com
Category:  Application (E-mail Server)  >  Mailman
Vendors:  GNU [multiple authors]
GNU Mailman MIME Multipart Parsing Error in 'scrubber.py' May Let Remote Users Deny Service
SecurityTracker Alert ID:  1015851
SecurityTracker URL:  http://securitytracker.com/id?1015851
CVE Reference:  CVE-2006-0052
Date:  Mar 30 2006
Impact:  Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 2.1.5
Description:  A vulnerability was reported in GNU Mailman. A remote user can cause denial of service conditions.

A remote user can send an e-mail containing malformed MIME multiparts to potentially cause the mailing list to become inoperative.

The vulnerability resides in 'scrubber.py'.

Duncan S. Salada discovered this vulnerability.

Impact:  A remote user can cause the list to become inoperative.
Solution:  The vendor issued a fix in version 2.1.6.
Vendor URL:  mailman.sourceforge.net/
Cause:  Input validation error, State error
Underlying OS:  Linux (Any), UNIX (Any)
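
Added example (not part of the advisory, and not Mailman's code or its 2.1.6 fix): a pre-delivery check using Python 3's standard `email` package that flags malformed MIME multipart structure and holds a single message if handling it fails, so one bad message cannot stall processing of the rest. The sample messages and the names `multipart_defects` and `triage` are constructed for this illustration; the advisory does not describe the specific malformation behind CVE-2006-0052.

```python
import email
from email import errors

# Defect classes the stdlib parser records for broken multipart structure.
MULTIPART_DEFECTS = (
    errors.NoBoundaryInMultipartDefect,
    errors.StartBoundaryNotFoundDefect,
    errors.CloseBoundaryNotFoundDefect,
    errors.MultipartInvariantViolationDefect,
)

# Constructed sample messages (illustrative, not taken from the advisory).
WELL_FORMED = (
    b"From: user@example.org\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="BOUND"\r\n'
    b"\r\n"
    b"--BOUND\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"hello\r\n"
    b"--BOUND--\r\n"
)
# Declares multipart but gives no boundary parameter.
NO_BOUNDARY = (
    b"From: user@example.org\r\n"
    b"MIME-Version: 1.0\r\n"
    b"Content-Type: multipart/mixed\r\n"
    b"\r\n"
    b"body\r\n"
)
# Same as WELL_FORMED with the closing delimiter stripped.
UNTERMINATED = WELL_FORMED.replace(b"--BOUND--\r\n", b"")


def multipart_defects(raw):
    """Names of multipart defects recorded on any part of the message."""
    msg = email.message_from_bytes(raw)
    return [type(d).__name__ for part in msg.walk()
            for d in part.defects if isinstance(d, MULTIPART_DEFECTS)]


def triage(raw):
    """Return (verdict, reasons); never lets a parse error escape."""
    try:
        reasons = multipart_defects(raw)
    except Exception as exc:  # hold this one message, keep processing others
        return "hold", [type(exc).__name__]
    return ("hold" if reasons else "accept"), reasons
```

Held messages can be routed to moderation or a quarantine directory for review instead of being passed on to archiving or delivery.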

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jun 9 2006 (Red Hat Issues Fix) GNU Mailman MIME Multipart Parsing Error in 'scrubber.py' May Let Remote Users Deny Service   (bugzilla@redhat.com)
Red Hat has released a fix for Red Hat Enterprise Linux 3 and 4.



 Source Message Contents

Date:  Thu, 30 Mar 2006 15:22:24 -0500
Subject:  GNU Mailman vulnerability

 
 
CVE-2006-0052
 
 A potential denial of service problem has been discovered in mailman,
 the web-based GNU mailing list manager. The (failing) parsing of
 messages with malformed mime multiparts sometimes caused the whole
 mailing list to become inoperative.
 



Copyright 2006, SecurityGlobal.net LLC