Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2005:222: mailman Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the mailman package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2005:222 (mailman).
Scrubber.py in Mailman 2.1.4 - 2.1.6 does not properly handle UTF-8 character
encodings in filenames of e-mail attachments, which allows remote attackers to
cause a denial of service (CVE-2005-3573).

In addition, these versions of mailman have an issue where the server will fail
with an Overflow on bad date data in a processed message.

The version of mailman in Corporate Server 2.1 does not contain the above
vulnerable code. Updated packages are patched to correct these issues.
Solution: http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:222
Threat Level: High