FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mailman -- Multiple Vulnerabilities

Affected packages
ja-mailman < 2.1.9.r1
mailman < 2.1.9.r1
mailman-with-htdig < 2.1.9.r1

Details

VuXML ID fffa9257-3c17-11db-86ab-00123ffe8333
Discovery 2006-06-09
Entry 2006-09-04
Modified 2006-10-04

Secunia reports:

Mailman can be exploited by malicious people to conduct cross-site scripting and phishing attacks, and cause a DoS (Denial of Service).

1) An error in the logging functionality can be exploited to inject a spoofed log message into the error log via a specially crafted URL.

Successful exploitation may trick an administrator into visiting a malicious web site.

2) An error in the processing of malformed headers that do not follow the RFC 2231 standard can be exploited to cause a DoS (Denial of Service).

3) Some unspecified input isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
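The log-spoofing mechanism in item 1 above, as an added illustration that is not Mailman's code and not part of the Secunia advisory: the log format, request path and sample values are constructed, and the fix shown is the generic one of escaping control characters before a request-derived value reaches the log.

```python
import re
from urllib.parse import unquote

# Constructed sample: a request path whose URL-encoded CR/LF (%0D%0A) is followed
# by text shaped like a second log entry. The log format below is invented for
# this illustration and is not Mailman's own.
SAMPLE_PATH = (
    "/mailman/listinfo/nosuchlist"
    "%0D%0AJul 01 12:00:00 2006 (1234) admin: see http://example.invalid/"
)

LOG_PREFIX = "Jul 01 11:59:59 2006 (1234) No such list: "


def sanitize_for_log(value: str) -> str:
    """Escape C0 control characters and DEL so a logged value can never start
    a new log line or carry terminal escape sequences."""
    return re.sub(r"[\x00-\x1f\x7f]", lambda m: "\\x%02x" % ord(m.group()), value)


def log_line_unsafe(path: str) -> str:
    """Vulnerable pattern: the decoded request path is written verbatim."""
    return LOG_PREFIX + unquote(path)


def log_line_safe(path: str) -> str:
    """Hardened pattern: control characters are escaped before logging."""
    return LOG_PREFIX + sanitize_for_log(unquote(path))


def line_count(entry: str) -> int:
    """Number of physical lines an entry occupies once written to the log."""
    return entry.count("\n") + 1


if __name__ == "__main__":
    print(repr(log_line_unsafe(SAMPLE_PATH)))  # 2 lines; the second is spoofed
    print(repr(log_line_safe(SAMPLE_PATH)))    # 1 line; CR/LF appear as \x0d\x0a
```

The same escaping belongs in front of any other request-derived value (headers, form fields) that is echoed into an error log an administrator reads.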

References

Bugtraq ID 19831
CVE Name CVE-2006-2191
CVE Name CVE-2006-2941
CVE Name CVE-2006-3636
CVE Name CVE-2006-4624
URL http://secunia.com/advisories/21732/
URL http://sourceforge.net/project/shownotes.php?group_id=103&release_id=444295