
Test ID: 1.3.6.1.4.1.25623.1.0.51582
Category: Conectiva Local Security Checks
Title: Conectiva Security Advisory CLA-2001:420
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory CLA-2001:420.

Mailman is a mailing list manager.
This update fixes two security problems and some other issues not
related to security:

1. Versions prior to 2.0.2 (affects CL<=6.0) have a vulnerability
which allows a list administrator to obtain the list password of a
subscriber. This is not a regular security problem because the list
administrator does not need that password to gain access to a user's
subscription, but it is quite possible that the user shares this
password with other services, such as an email account, even though
the web interface gives a clear warning about this password and how
it is handled (by default, the password is mailed out every month).

2. Versions prior to 2.0.6 (affects CL<=7.0) have a vulnerability
which could allow non-authorized users to gain access to the
administrative interface of a list. For this to happen, the global
password (located in the data/adm.pw file) has to be empty, which is
not very likely. If it is empty, the administrative interface will
accept any password as valid.

3. This update also brings a logrotate configuration file to our
mailman package. This will regularly rotate the logs in
/usr/lib/mailman/logs.

4. Version 2.0.5 (affects CL<=7.0) fixed a problem with stale lock
files which can cause a list to be inaccessible for long periods of
time until the lock expires or is removed manually.


Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'.

http://mail.python.org/pipermail/mailman-announce/2001-July/000028.html
http://mail.python.org/pipermail/mailman-announce/2001-March/000022.html
http://mail.python.org/pipermail/mailman-announce/2001-May/000026.html
http://www.securityspace.com/smysecure/catid.html?in=CLA-2001:420
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002001

Risk factor : High

Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

© 1998-2025 E-Soft Inc. All rights reserved.