Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: Misc. --> Category: infos

Mailman Password Retrieval Vulnerability Scan


Vulnerability Scan Summary
Checks for Mailman Password Retrieval Vulnerability

Detailed Explanation for this Vulnerability Test

The target is running version of the Mailman mailing list software that
allows a list subscriber to retrieve the mailman password of any other
subscriber by means of a specially crafted mail message to the server.
That is, a message sent to $listname-request@$target containing the
lines :

password address=$victim
password address=$subscriber

will return the password of both $victim and $subscriber for the list
$listname@$target.

***** Nessus has acertaind the vulnerability exists on the target
***** simply by looking at the version number of Mailman installed
***** there.

Solution : Upgrade to Mailman version 2.1.5 or newer.
Threat Level: Medium

Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.