Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2005:222 (mailman)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.55932

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2005:222 (mailman)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to mailman
announced via advisory MDKSA-2005:222.

Scrubber.py in Mailman 2.1.4 - 2.1.6 does not properly handle UTF8
character encodings in filenames of e-mail attachments, which allows
remote attackers to cause a denial of service. (CVE-2005-3573)

In addition, these versions of mailman have an issue where the server
will fail with an Overflow on bad date data in a processed message.

The version of mailman in Corporate Server 2.1 does not contain the
above vulnerable code.

Updated packages are patched to correct these issues.

Affected: 10.1, 10.2, 2006.0, Corporate 3.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2005:222

Risk factor : Medium

CVSS Score:
5.0

Referencia Cruzada: BugTraq ID: 15408
Common Vulnerability Exposure (CVE) ID: CVE-2005-3573
http://www.securityfocus.com/bid/15408
Debian Security Information: DSA-955 (Google Search)
http://www.debian.org/security/2006/dsa-955
http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:222
http://mail.python.org/pipermail/mailman-users/2005-September/046523.html
http://www.osvdb.org/20819
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10038
http://www.redhat.com/support/errata/RHSA-2006-0204.html
http://securitytracker.com/id?1015735
http://secunia.com/advisories/17511
http://secunia.com/advisories/17874
http://secunia.com/advisories/18456
http://secunia.com/advisories/18503
http://secunia.com/advisories/18612
http://secunia.com/advisories/19167
http://secunia.com/advisories/19196
http://secunia.com/advisories/19532
SGI Security Advisory: 20060401-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U
SuSE Security Announcement: SUSE-SR:2006:001 (Google Search)
http://lists.suse.com/archive/suse-security-announce/2006-Jan/0003.html
http://www.trustix.org/errata/2006/0012/
http://www.ubuntu.com/usn/usn-242-1
http://www.vupen.com/english/advisories/2005/2404
XForce ISS Database: mailman-utf8-scrubber-dos(23139)
https://exchange.xforce.ibmcloud.com/vulnerabilities/23139

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.55932
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2005:222 (mailman)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to mailman announced via advisory MDKSA-2005:222. Scrubber.py in Mailman 2.1.4 - 2.1.6 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service. (CVE-2005-3573) In addition, these versions of mailman have an issue where the server will fail with an Overflow on bad date data in a processed message. The version of mailman in Corporate Server 2.1 does not contain the above vulnerable code. Updated packages are patched to correct these issues. Affected: 10.1, 10.2, 2006.0, Corporate 3.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2005:222 Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	BugTraq ID: 15408 Common Vulnerability Exposure (CVE) ID: CVE-2005-3573 http://www.securityfocus.com/bid/15408 Debian Security Information: DSA-955 (Google Search) http://www.debian.org/security/2006/dsa-955 http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:222 http://mail.python.org/pipermail/mailman-users/2005-September/046523.html http://www.osvdb.org/20819 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10038 http://www.redhat.com/support/errata/RHSA-2006-0204.html http://securitytracker.com/id?1015735 http://secunia.com/advisories/17511 http://secunia.com/advisories/17874 http://secunia.com/advisories/18456 http://secunia.com/advisories/18503 http://secunia.com/advisories/18612 http://secunia.com/advisories/19167 http://secunia.com/advisories/19196 http://secunia.com/advisories/19532 SGI Security Advisory: 20060401-01-U ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U SuSE Security Announcement: SUSE-SR:2006:001 (Google Search) http://lists.suse.com/archive/suse-security-announce/2006-Jan/0003.html http://www.trustix.org/errata/2006/0012/ http://www.ubuntu.com/usn/usn-242-1 http://www.vupen.com/english/advisories/2005/2404 XForce ISS Database: mailman-utf8-scrubber-dos(23139) https://exchange.xforce.ibmcloud.com/vulnerabilities/23139
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com