Family: Red Hat Local Security Checks --> Category: infos
RHSA-2005-136: mailman Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the mailman packages
Detailed Explanation for this Vulnerability Test
Updated mailman packages that correct a mailman security issue are now
The mailman package is software to help manage email discussion lists.
A flaw in the true_path function of Mailman was discovered. A remote
attacker who is a member of a private mailman list could use a carefully
crafted URL and gain access to arbitrary files on the server. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CVE-2005-0202 to this issue.
Note: Mailman installations running on Apache 2.0-based servers are not
vulnerable to this issue.
Users of mailman should update to these erratum packages that contain a
patch and are not vulnerable to this issue.
Solution : http://rhn.redhat.com/errata/RHSA-2005-136.html
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.