GNU Mailman Multiple Remote Vulnerabilities

BID:12243

Info

GNU Mailman Multiple Remote Vulnerabilities

Bugtraq ID: 12243
Class: Unknown
CVE: CVE-2004-1143
CVE-2004-1177
CVE-2004-1178
Remote: Yes
Local: No
Published: Jan 11 2005 12:00AM
Updated: Jul 12 2009 09:27AM
Credit: Discovery of these vulnerabilities is credited to Florian Weimer and Juha-Matti Tapio.
Vulnerable: Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
Redhat Enterprise Linux WS 4
Redhat Enterprise Linux ES 4
Redhat Enterprise Linux AS 4
Redhat Desktop 4.0
Redhat Desktop 3.0
GNU Mailman 2.1.10 b1
GNU Mailman 2.1.5
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ Redhat Enterprise Linux Desktop version 4
+ Redhat Enterprise Linux AS 4
+ Redhat Enterprise Linux AS 3
+ Redhat Enterprise Linux ES 4
+ Redhat Enterprise Linux ES 3
+ Redhat Enterprise Linux WS 4
+ Redhat Enterprise Linux WS 3
GNU Mailman 2.1.4
+ MandrakeSoft Corporate Server 3.0
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
GNU Mailman 2.1.3
GNU Mailman 2.1.2
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
GNU Mailman 2.1.1
+ Redhat Linux 9.0 i386
+ Redhat Linux 7.3 i686
+ Redhat Linux 7.3 i386
+ Redhat Linux 7.3
GNU Mailman 2.1
GNU Mailman 2.0.14
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
GNU Mailman 2.0.13
+ Redhat Enterprise Linux AS 2.1 IA64
+ Redhat Enterprise Linux AS 2.1
+ Redhat Enterprise Linux ES 2.1 IA64
+ Redhat Enterprise Linux ES 2.1
+ Redhat Enterprise Linux WS 2.1 IA64
+ Redhat Enterprise Linux WS 2.1
GNU Mailman 2.0.12
GNU Mailman 2.0.11
+ Debian Linux 3.0
GNU Mailman 2.0.10
GNU Mailman 2.0.9
GNU Mailman 2.0.8
+ Redhat Linux 7.3 i386
+ Redhat Linux 7.2 ia64
+ Redhat Linux 7.2 i386
- Redhat PowerTools 7.1
- Redhat PowerTools 7.0
GNU Mailman 2.0.7
GNU Mailman 2.0.6
GNU Mailman 2.0.5
- Debian Linux 2.2 sparc
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 arm
- Debian Linux 2.2 alpha
- Debian Linux 2.2 68k
- Debian Linux 2.2
- FreeBSD FreeBSD 4.3
- HP HP-UX 11.11
- HP HP-UX 11.0
- HP HP-UX 10.20
- Mandriva Linux Mandrake 8.0
- Mandriva Linux Mandrake 7.2
- Mandriva Linux Mandrake 7.1
- NetBSD NetBSD 1.5.2
- NetBSD NetBSD 1.5.1
- OpenBSD OpenBSD 2.9
- OpenBSD OpenBSD 2.8
- OpenBSD OpenBSD 2.7
- Redhat Linux 7.1
- Redhat Linux 7.0
- Slackware Linux 8.0
- Slackware Linux 7.1
- Slackware Linux 7.0
- Sun Solaris 8_sparc
- Sun Solaris 7.0
- Sun Solaris 2.6
- SuSE Linux 7.2
- SuSE Linux 7.1
- SuSE Linux 7.0
GNU Mailman 2.0.4
GNU Mailman 2.0.4
GNU Mailman 2.0.3
GNU Mailman 2.0.2
GNU Mailman 2.0.1
GNU Mailman 2.0 beta5
+ Redhat Secure Web Server 3.2 i386
GNU Mailman 2.0 beta4
- BSDI BSD/OS 4.0
- Debian Linux 2.2
- Debian Linux 2.1
- Digital UNIX 4.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- FreeBSD FreeBSD 3.5
- HP HP-UX 11.0
- HP HP-UX 10.20
- IBM AIX 4.3
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
+ Redhat Secure Web Server 3.2 i386
+ Redhat Secure Web Server 3.1 sparc
+ Redhat Secure Web Server 3.1 i386
+ Redhat Secure Web Server 3.1 alpha
+ Redhat Secure Web Server 3.0 i386
- SGI IRIX 6.5
- Sun Solaris 8_sparc
- Sun Solaris 7.0
GNU Mailman 2.0 beta3
- BSDI BSD/OS 4.0
- Debian Linux 2.2
- Debian Linux 2.1
- Digital UNIX 4.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- FreeBSD FreeBSD 3.5
- HP HP-UX 11.0
- HP HP-UX 10.20
- IBM AIX 4.3
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
+ Redhat Secure Web Server 3.2 i386
+ Redhat Secure Web Server 3.1 sparc
+ Redhat Secure Web Server 3.1 i386
+ Redhat Secure Web Server 3.1 alpha
+ Redhat Secure Web Server 3.0 i386
- SGI IRIX 6.5
- Sun Solaris 8_sparc
- Sun Solaris 7.0
GNU Mailman 2.0 .8
+ Redhat Secure Web Server 3.2 i386
GNU Mailman 2.0 .7
GNU Mailman 2.0 .6
+ Redhat Linux 7.2 i386
GNU Mailman 2.0 .5
GNU Mailman 2.0 .3
GNU Mailman 2.0 .2
GNU Mailman 2.0 .1
GNU Mailman 2.0
GNU Mailman 1.1
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
GNU Mailman 1.0
+ Debian Linux 2.1
Gentoo Linux
Not Vulnerable:

Discussion

GNU Mailman Multiple Remote Vulnerabilities

GNU Mailman is reported prone to multiple remote vulnerabilities. The following individual issues are reported:

It is reported that GNU Mailman is affected by an information disclosure vulnerability.

Information that is harvested by exploiting this vulnerability may be used to aid in further attacks that are launched against a target user, or the computer that is hosting the vulnerable software.

A cross-site scripting vulnerability has been discovered in GNU Mailman. The issue occurs due to insufficient sanitization of user-supplied data.

It may be possible to exploit this issue in order to steal an unsuspecting user's cookie-based authentication credentials, as well as other sensitive information. Other attacks are also possible.

Finally, Mailman is reported prone to a weak auto-generated password vulnerability. It is reported that, when a user subscribes to a mailing list and a password is not specified, Mailman will auto-generate one. The password generation algorithm will generate a weak low entropy password. This password may potentially be brute forced by an attacker.

Exploit / POC

GNU Mailman Multiple Remote Vulnerabilities

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Solution / Fix

GNU Mailman Multiple Remote Vulnerabilities

Solution:
Debian Linux has released an updated advisory DSA 674-3 along with updated fixes dealing with these and other issues. For more information, please see the referenced advisory.

Ubuntu has released an advisory called USN-59-1 to address these issues for Ubuntu Linux. Please see the referenced advisory for further information.

Gentoo Linux has released advisory GLSA 200501-29 to address these issues. Users of affected packages are urged to execute the following commands with superuser privileges:
emerge --sync
emerge --ask --oneshot --verbose ">=net-mail/mailman-2.1.5-r3"
Please see the referenced advisory for further information.

Mandrake Linux has released advisory MDKSA-2005:015 along with fixes dealing with this issue. Please see the referenced advisory for more information.

SuSE Linux has released a security summary report (SUSE-SR:2005:002) that contains fixes to address this and other vulnerabilities. SuSE Linux has also released advisory SUSE-SA:2005:007 to supersede the earlier advisory

Debian Linux has released an advisory (DSA 674-1) dealing with this issue. Please see the reference section for more information.

Debian Linux has released a second advisory (DSA 674-2). Apparently the first advisory failed to properly fix all of the issues. The fixes provided with the second advisory must be applied to packages fixed with the set of fixes released with the first advisory. Please see the reference section for more information.

Red Hat has released advisory RHSA-2005:235-05 to address the cross-site scripting issue (CAN-2004-1177). Please see the referenced advisory for more information.


GNU Mailman 2.0.11

GNU Mailman 2.0.13

GNU Mailman 2.1.1

GNU Mailman 2.1.2

GNU Mailman 2.1.4

GNU Mailman 2.1.5

References

GNU Mailman Multiple Remote Vulnerabilities

References:
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report