Family: Misc. --> Category: infos
Mailman Password Retrieval Vulnerability Scan
Vulnerability Scan Summary: Checks for Mailman Password Retrieval Vulnerability
Detailed Explanation for this Vulnerability Test
The target is running a version of the Mailman mailing list software that
allows a list subscriber to retrieve the mailman password of any other
subscriber by means of a specially crafted mail message to the server.
That is, a message sent to $listname-request@$target containing the
lines:
password address=$victim
password address=$subscriber
will return the password of both $victim and $subscriber for the list
$listname@$target.
***** Nessus has ascertained the vulnerability exists on the target
***** simply by looking at the version number of Mailman installed
***** there.
Solution: Upgrade to Mailman version 2.1.5 or newer.
Threat Level: Medium