GNU Mailman Malformed Message Remote Denial Of Service Vulnerability
BID:9620
Info
| Bugtraq ID: | 9620 |
| Class: | Input Validation Error |
| CVE: | CVE-2003-0991 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 09 2004 12:00AM |
| Updated: | Jul 12 2009 02:06AM |
| Credit: | Discovery of this issue has been credited to Matthew Galgoci. |
| Vulnerable: | SGI ProPack 2.4, SGI ProPack 2.3, GNU Mailman 2.1, GNU Mailman 2.0.14, GNU Mailman 2.0.13, GNU Mailman 2.0.12, GNU Mailman 2.0.11, GNU Mailman 2.0.10, GNU Mailman 2.0.9, GNU Mailman 2.0.8, GNU Mailman 2.0.7, GNU Mailman 2.0.6, GNU Mailman 2.0.5, GNU Mailman 2.0.4, GNU Mailman 2.0.4, GNU Mailman 2.0.3, GNU Mailman 2.0.2, GNU Mailman 2.0.1, GNU Mailman 2.0 beta5, GNU Mailman 2.0 beta4, GNU Mailman 2.0 beta3, GNU Mailman 2.0 .8, GNU Mailman 2.0 .7, GNU Mailman 2.0 .6, GNU Mailman 2.0 .5, GNU Mailman 2.0 .3, GNU Mailman 2.0 .2, GNU Mailman 2.0 .1, GNU Mailman 2.0, GNU Mailman 1.1, GNU Mailman 1.0 |
| Not Vulnerable: | GNU Mailman 2.1.10 b1, GNU Mailman 2.1.4, GNU Mailman 2.1.3, GNU Mailman 2.1.1 |
Discussion
It has been reported that GNU Mailman is prone to a denial of service vulnerability. Successful exploitation of this issue could cause Mailman to crash, denying service to legitimate users.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
SGI has released an advisory 20040202-01-U to address this and other issues in SGI ProPack 2.4. Please see the referenced advisory for more information. Fixes are available below.
Advisory RHSA-2004:019-04 has been released for Red Hat Enterprise Edition. Users are advised to update their packages immediately. Please see the reference section for more information.
SGI has released an advisory 20040201-01-U with a patch to address this and other issues. Please see the referenced advisory for more information.
Mandrake has released advisory MDKSA-2004:013 and fixes to address this issue.
Debian has released advisory DSA 436-2 to address this issue.
SUSE has released an advisory SuSE-SA:2004:009 to address this and other issues. Please see the advisory for more information.
Conectiva has released an advisory (CLA-2004:842) to address this and other issues. Please see the referenced advisory for more information.
Fixes:
GNU Mailman 1.0
-
GNU mailman-2.1.1.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.1.tgz -
GNU mailman-2.1.2.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.2.tgz -
GNU mailman-2.1.3.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.3.tgz -
GNU mailman-2.1.4.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.4.tgz
GNU Mailman 1.1
-
GNU mailman-2.1.1.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.1.tgz -
GNU mailman-2.1.2.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.2.tgz -
GNU mailman-2.1.3.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.3.tgz -
GNU mailman-2.1.4.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.4.tgz
GNU Mailman 2.0 beta3
-
GNU mailman-2.1.1.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.1.tgz -
GNU mailman-2.1.2.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.2.tgz -
GNU mailman-2.1.3.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.3.tgz -
GNU mailman-2.1.4.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.4.tgz
GNU Mailman 2.0 .3
-
GNU mailman-2.1.1.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.1.tgz -
GNU mailman-2.1.2.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.2.tgz -
GNU mailman-2.1.3.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.3.tgz -
GNU mailman-2.1.4.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.4.tgz
GNU Mailman 2.0 .7
-
GNU mailman-2.1.1.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.1.tgz -
GNU mailman-2.1.2.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.2.tgz -
GNU mailman-2.1.3.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.3.tgz -
GNU mailman-2.1.4.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.4.tgz
GNU Mailman 2.0 beta4
-
GNU mailman-2.1.1.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.1.tgz -
GNU mailman-2.1.2.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.2.tgz -
GNU mailman-2.1.3.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.3.tgz -
GNU mailman-2.1.4.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.4.tgz
GNU Mailman 2.0 .2
-
GNU mailman-2.1.1.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.1.tgz -
GNU mailman-2.1.2.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.2.tgz -
GNU mailman-2.1.3.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.3.tgz -
GNU mailman-2.1.4.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.4.tgz
GNU Mailman 2.0 beta5
-
GNU mailman-2.1.1.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.1.tgz -
GNU mailman-2.1.2.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.2.tgz -
GNU mailman-2.1.3.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.3.tgz -
GNU mailman-2.1.4.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.4.tgz
GNU Mailman 2.0 .5
-
GNU mailman-2.1.1.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.1.tgz -
GNU mailman-2.1.2.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.2.tgz -
GNU mailman-2.1.3.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.3.tgz -
GNU mailman-2.1.4.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.4.tgz
GNU Mailman 2.0
-
GNU mailman-2.1.1.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.1.tgz -
GNU mailman-2.1.2.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.2.tgz -
GNU mailman-2.1.3.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.3.tgz -
GNU mailman-2.1.4.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.4.tgz
GNU Mailman 2.0 .1
-
GNU mailman-2.1.1.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.1.tgz -
GNU mailman-2.1.2.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.2.tgz -
GNU mailman-2.1.3.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.3.tgz -
GNU mailman-2.1.4.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.4.tgz
GNU Mailman 2.0 .8
-
GNU mailman-2.1.1.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.1.tgz -
GNU mailman-2.1.2.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.2.tgz -
GNU mailman-2.1.3.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.3.tgz -
GNU mailman-2.1.4.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.4.tgz
GNU Mailman 2.0 .6
-
GNU mailman-2.1.1.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.1.tgz -
GNU mailman-2.1.2.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.2.tgz -
GNU mailman-2.1.3.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.3.tgz -
GNU mailman-2.1.4.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.4.tgz
GNU Mailman 2.0.1
-
GNU mailman-2.1.1.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.1.tgz -
GNU mailman-2.1.2.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.2.tgz -
GNU mailman-2.1.3.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.3.tgz -
GNU mailman-2.1.4.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.4.tgz
GNU Mailman 2.0.10
-
GNU mailman-2.1.1.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.1.tgz -
GNU mailman-2.1.2.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.2.tgz -
GNU mailman-2.1.3.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.3.tgz -
GNU mailman-2.1.4.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.4.tgz
GNU Mailman 2.0.11
- Debian mailman_2.0.11-1woody8_alpha.deb
  http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody8_alpha.deb
- Debian mailman_2.0.11-1woody8_arm.deb
  http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody8_arm.deb
- Debian mailman_2.0.11-1woody8_hppa.deb
  http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody8_hppa.deb
- Debian mailman_2.0.11-1woody8_i386.deb
  http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody8_i386.deb
- Debian mailman_2.0.11-1woody8_ia64.deb
  http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody8_ia64.deb
- Debian mailman_2.0.11-1woody8_m68k.deb
  http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody8_m68k.deb
- Debian mailman_2.0.11-1woody8_mips.deb
  http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody8_mips.deb
- Debian mailman_2.0.11-1woody8_powerpc.deb
  http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody8_powerpc.deb
- Debian mailman_2.0.11-1woody8_s390.deb
  http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody8_s390.deb
- Debian mailman_2.0.11-1woody8_sparc.deb
  http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody8_sparc.deb
- GNU mailman-2.1.1.tgz
  http://ftp.gnu.org/gnu/mailman/mailman-2.1.1.tgz
- GNU mailman-2.1.2.tgz
  http://ftp.gnu.org/gnu/mailman/mailman-2.1.2.tgz
- GNU mailman-2.1.3.tgz
  http://ftp.gnu.org/gnu/mailman/mailman-2.1.3.tgz
- GNU mailman-2.1.4.tgz
  http://ftp.gnu.org/gnu/mailman/mailman-2.1.4.tgz
GNU Mailman 2.0.12
- GNU mailman-2.1.1.tgz
  http://ftp.gnu.org/gnu/mailman/mailman-2.1.1.tgz
- GNU mailman-2.1.2.tgz
  http://ftp.gnu.org/gnu/mailman/mailman-2.1.2.tgz
- GNU mailman-2.1.3.tgz
  http://ftp.gnu.org/gnu/mailman/mailman-2.1.3.tgz
- GNU mailman-2.1.4.tgz
  http://ftp.gnu.org/gnu/mailman/mailman-2.1.4.tgz
GNU Mailman 2.0.13
- GNU mailman-2.1.1.tgz
  http://ftp.gnu.org/gnu/mailman/mailman-2.1.1.tgz
- GNU mailman-2.1.2.tgz
  http://ftp.gnu.org/gnu/mailman/mailman-2.1.2.tgz
- GNU mailman-2.1.3.tgz
  http://ftp.gnu.org/gnu/mailman/mailman-2.1.3.tgz
- GNU mailman-2.1.4.tgz
  http://ftp.gnu.org/gnu/mailman/mailman-2.1.4.tgz
- Mandrake mailman-2.0.14-1.1.91mdk.i586.rpm
  Mandrake Linux 9.1:
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake mailman-2.0.14-1.1.91mdk.ppc.rpm
  Mandrake Linux 9.1/PPC:
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake mailman-2.0.14-1.1.C21mdk.i586.rpm
  Corporate Server 2.1:
  http://www.mandrakesecure.net/en/ftp.php
GNU Mailman 2.0.14
- Conectiva mailman-2.0.14-1U80_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/mailman-2.0.14-1U80_1cl.i386.rpm
GNU Mailman 2.0.2
-
GNU mailman-2.1.1.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.1.tgz -
GNU mailman-2.1.2.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.2.tgz -
GNU mailman-2.1.3.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.3.tgz -
GNU mailman-2.1.4.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.4.tgz
GNU Mailman 2.0.3
-
GNU mailman-2.1.1.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.1.tgz -
GNU mailman-2.1.2.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.2.tgz -
GNU mailman-2.1.3.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.3.tgz -
GNU mailman-2.1.4.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.4.tgz
GNU Mailman 2.0.4
-
GNU mailman-2.1.1.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.1.tgz -
GNU mailman-2.1.2.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.2.tgz -
GNU mailman-2.1.3.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.3.tgz -
GNU mailman-2.1.4.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.4.tgz
GNU Mailman 2.0.4
-
GNU mailman-2.1.1.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.1.tgz -
GNU mailman-2.1.2.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.2.tgz -
GNU mailman-2.1.3.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.3.tgz -
GNU mailman-2.1.4.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.4.tgz
GNU Mailman 2.0.5
-
GNU mailman-2.1.1.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.1.tgz -
GNU mailman-2.1.2.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.2.tgz -
GNU mailman-2.1.3.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.3.tgz -
GNU mailman-2.1.4.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.4.tgz
GNU Mailman 2.0.6
-
GNU mailman-2.1.1.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.1.tgz -
GNU mailman-2.1.2.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.2.tgz -
GNU mailman-2.1.3.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.3.tgz -
GNU mailman-2.1.4.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.4.tgz
GNU Mailman 2.0.7
-
GNU mailman-2.1.1.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.1.tgz -
GNU mailman-2.1.2.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.2.tgz -
GNU mailman-2.1.3.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.3.tgz -
GNU mailman-2.1.4.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.4.tgz
GNU Mailman 2.0.8
-
GNU mailman-2.1.1.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.1.tgz -
GNU mailman-2.1.2.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.2.tgz -
GNU mailman-2.1.3.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.3.tgz -
GNU mailman-2.1.4.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.4.tgz
GNU Mailman 2.0.9
-
GNU mailman-2.1.1.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.1.tgz -
GNU mailman-2.1.2.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.2.tgz -
GNU mailman-2.1.3.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.3.tgz -
GNU mailman-2.1.4.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.4.tgz
GNU Mailman 2.1
-
GNU mailman-2.1.1.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.1.tgz -
GNU mailman-2.1.2.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.2.tgz -
GNU mailman-2.1.3.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.3.tgz -
GNU mailman-2.1.4.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.4.tgz
SGI ProPack 2.3
- SGI patch10050.tar.gz
  ftp://patches.sgi.com/support/free/security/patches/ProPack/2.3/patch10050.tar.gz
SGI ProPack 2.4
- SGI patch10044.tar.gz
  ftp://patches.sgi.com/support/free/security/patches/ProPack/2.4/patch10044.tar.gz
References
References: