Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2006:165: mailman Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the mailman package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2006:165 (mailman).
A flaw was discovered in how Mailman handles MIME multipart messages
where an attacker could send a carefully crafted MIME multipart
message to a Mailman-run mailing list, causing that mailing list to
stop working (CVE-2006-2941).
In addition, a number of XSS (cross-site scripting) issues were discovered
that could be exploited to perform XSS attacks against the Mailman
Finally, a CRLF injection vulnerability allows remote attackers to
spoof messages in the error log (CVE-2006-4624).
Updated packages have been patched to address these issues.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:165
Threat Level: High