Red Hat Linux GNU Mailman Remote Denial Of Service Vulnerability
BID:10147
Info
Red Hat Linux GNU Mailman Remote Denial Of Service Vulnerability
| Bugtraq ID: | 10147 |
| Class: | Design Error |
| CVE: |
CVE-2004-0182 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 14 2004 12:00AM |
| Updated: | Jul 12 2009 04:06AM |
| Credit: | Discovery of this vulnerability is credited to Matthew Saltzman. |
| Vulnerable: |
SGI ProPack 2.4 SGI ProPack 2.3 Redhat Enterprise Linux ES 2.1 Redhat Enterprise Linux AS 2.1 Redhat Advanced Workstation for the Itanium Processor 2.1 |
| Not Vulnerable: | |
Discussion
Red Hat Linux GNU Mailman Remote Denial Of Service Vulnerability
An update that was released by Red Hat(RHSA-2004:019) to address the issue described in BID 9620 (GNU Mailman Malformed Message Remote Denial Of Service Vulnerability), is reported to introduce a denial of service vulnerability.
A remote attacker may exploit this vulnerability to cause the mailman to crash, effectively denying service to legitimate users.
An update that was released by Red Hat(RHSA-2004:019) to address the issue described in BID 9620 (GNU Mailman Malformed Message Remote Denial Of Service Vulnerability), is reported to introduce a denial of service vulnerability.
A remote attacker may exploit this vulnerability to cause the mailman to crash, effectively denying service to legitimate users.
Exploit / POC
Red Hat Linux GNU Mailman Remote Denial Of Service Vulnerability
There is no exploit required.
There is no exploit required.
Solution / Fix
Red Hat Linux GNU Mailman Remote Denial Of Service Vulnerability
Solution:
SGI has released an advisory 20040404-01-U and fixes to address this issue. Please see referenced advisory for further details regarding obtaining and applying appropriate fixes. Fixes are linked below.
Red Hat has released an advisory (RHSA-2004:156-07) and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.
SGI ProPack 2.3
SGI ProPack 2.4
Solution:
SGI has released an advisory 20040404-01-U and fixes to address this issue. Please see referenced advisory for further details regarding obtaining and applying appropriate fixes. Fixes are linked below.
Red Hat has released an advisory (RHSA-2004:156-07) and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.
SGI ProPack 2.3
-
SGI patch10067.tar.gz
ftp://patches.sgi.com/support/free/security/patches/ProPack/2.3/patch1 0067.tar.gz
SGI ProPack 2.4
-
SGI patch10067.tar.gz
ftp://patches.sgi.com/support/free/security/patches/ProPack/2.4/patch1 0067.tar.gz
References
Red Hat Linux GNU Mailman Remote Denial Of Service Vulnerability
References:
References: