Test Kennung:	1.3.6.1.4.1.25623.1.0.51345
Kategorie:	Conectiva Local Security Checks
Titel:	Conectiva Security Advisory CLA-2004:842
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory CLA-2004:842. Mailman[1] is a mailing list manager. This update fixes the following vulnerabilities for Conectiva Linux 9: 1) Cross site scripting vulnerability in the admin CGI script (CVE-2003-0965)[2] 2) Cross site scripting vulnerability in the create CGI script (CVE-2003-0992)[3] 3) Remote password retrieval vulnerability (CVE-2004-0412)[4] As mentioned in the 2.1.5 release announcement[5], previous mailman versions are vulnerable to a password retrieval attack which would give the attacker the password an user choose when he/she subscribed to a mailing list. For Conectiva Linux 8, the following vulnerability has been fixed: - CVE-2003-0991[6]: denial of service vulnerability caused by specific mail messages which would crash mailman. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.list.org/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0965 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0992 http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2004-0412 http://mail.python.org/pipermail/mailman-announce/2004-May/000072.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0991 http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:842 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004 Risk factor : High CVSS Score: 6.8
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0965 BugTraq ID: 9336 http://www.securityfocus.com/bid/9336 Conectiva Linux advisory: CLA-2004:842 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842 Debian Security Information: DSA-436 (Google Search) http://www.debian.org/security/2004/dsa-436 http://www.mandriva.com/security/advisories?name=MDKSA-2004:013 http://mail.python.org/pipermail/mailman-announce/2003-December/000066.html http://www.osvdb.org/3305 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A813 http://www.redhat.com/support/errata/RHSA-2004-020.html http://secunia.com/advisories/10519 XForce ISS Database: mailman-admin-xss(14121) https://exchange.xforce.ibmcloud.com/vulnerabilities/14121 Common Vulnerability Exposure (CVE) ID: CVE-2003-0992 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A815 Common Vulnerability Exposure (CVE) ID: CVE-2004-0412 BugTraq ID: 10412 http://www.securityfocus.com/bid/10412 http://marc.info/?l=bugtraq&m=109034869927955&w=2 http://security.gentoo.org/glsa/glsa-200406-04.xml http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:051 http://mail.python.org/pipermail/mailman-announce/2004-May/000072.html http://secunia.com/advisories/11701 XForce ISS Database: mailman-obtain-password(16256) https://exchange.xforce.ibmcloud.com/vulnerabilities/16256 Common Vulnerability Exposure (CVE) ID: CVE-2003-0991 BugTraq ID: 9620 http://www.securityfocus.com/bid/9620 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:013 http://mail.python.org/pipermail/mailman-announce/2004-February/000067.html http://www.redhat.com/support/errata/RHSA-2004-019.html SGI Security Advisory: 20040201-01-U ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc XForce ISS Database: mailman-command-handler-dos(15106) https://exchange.xforce.ibmcloud.com/vulnerabilities/15106
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.