Test ID: 1.3.6.1.4.1.25623.1.0.51582
Category: Conectiva Local Security Checks
Title: Conectiva Security Advisory CLA-2001:420
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory CLA-2001:420.

Mailman is a mailing list manager.
This update fixes two security problems and some other issues not
related to security:

1. Versions prior to 2.0.2 (affects CL<=6.0) have a vulnerability
which allows a list administrator to obtain the list password of a
subscriber. This is not a regular security problem because the list
administrator does not need that password to gain access to a user's
subscription, but it is quite possible that the user shares this
password with other services, such as an email account, even though
the web interface gives a clear warning about this password and how
it is handled (by default, the password is mailed out every month).

2. Versions prior to 2.0.6 (affects CL<=7.0) have a vulnerability
which could allow non-authorized users to gain access to the
administrative interface of a list. For this to happen, the global
password (located in the data/adm.pw file) has to be empty, which is
not very likely. If it is empty, the administrative interface will
accept any password as valid.

3. This update also brings a logrotate configuration file to our
mailman package. This will regularly rotate the logs in
/usr/lib/mailman/logs.

4. Version 2.0.5 (affects CL<=7.0) fixed a problem with stale lock
files which can cause a list to be inaccessible for long periods of
time until the lock expires or is removed manually.


Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'.

http://mail.python.org/pipermail/mailman-announce/2001-July/000028.html
http://mail.python.org/pipermail/mailman-announce/2001-March/000022.html
http://mail.python.org/pipermail/mailman-announce/2001-May/000026.html
http://www.securityspace.com/smysecure/catid.html?in=CLA-2001:420
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002001

Risk factor : High

Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

© 1998-2025 E-Soft Inc. All rights reserved.