
Test ID: 1.3.6.1.4.1.25623.1.0.69053
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2011:0307
Summary: NOSUMMARY
Description:
The remote host is missing updates announced in
advisory RHSA-2011:0307.

Mailman is a program used to help manage email discussion lists.

Multiple input sanitization flaws were found in the way Mailman displayed
usernames of subscribed users on certain pages. If a user who is subscribed
to a mailing list were able to trick a victim into visiting one of those
pages, they could perform a cross-site scripting (XSS) attack against the
victim. (CVE-2011-0707)

Multiple input sanitization flaws were found in the way Mailman displayed
mailing list information. A mailing list administrator could use this flaw
to conduct a cross-site scripting (XSS) attack against victims viewing a
list's listinfo page. (CVE-2008-0564, CVE-2010-3089)

Red Hat would like to thank Mark Sapiro for reporting the CVE-2011-0707 and
CVE-2010-3089 issues.

Users of mailman should upgrade to this updated package, which contains
backported patches to correct these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2011-0307.html

Risk factor : Medium

CVSS Score:
4.3

Cross-Reference: Common Vulnerability Exposure (CVE) ID: CVE-2008-0564
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
BugTraq ID: 27630
http://www.securityfocus.com/bid/27630
Bugtraq: 20080215 rPSA-2008-0056-1 mailman (Google Search)
http://www.securityfocus.com/archive/1/488236/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00452.html
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:061
http://mail.python.org/pipermail/mailman-announce/2008-February/000096.html
http://www.redhat.com/support/errata/RHSA-2011-0307.html
http://secunia.com/advisories/28794
http://secunia.com/advisories/28916
http://secunia.com/advisories/28966
http://secunia.com/advisories/29249
http://secunia.com/advisories/29388
http://secunia.com/advisories/31687
http://secunia.com/advisories/43549
SuSE Security Announcement: SUSE-SR:2008:017 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
http://www.ubuntu.com/usn/usn-586-1
http://www.vupen.com/english/advisories/2008/0422
http://www.vupen.com/english/advisories/2011/0542
Common Vulnerability Exposure (CVE) ID: CVE-2010-3089
41265
http://secunia.com/advisories/41265
42502
http://secunia.com/advisories/42502
43294
http://secunia.com/advisories/43294
43425
http://secunia.com/advisories/43425
43549
43580
http://secunia.com/advisories/43580
ADV-2010-3271
http://www.vupen.com/english/advisories/2010/3271
ADV-2011-0436
http://www.vupen.com/english/advisories/2011/0436
ADV-2011-0460
http://www.vupen.com/english/advisories/2011/0460
ADV-2011-0542
APPLE-SA-2011-03-21-1
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
DSA-2170
http://www.debian.org/security/2011/dsa-2170
FEDORA-2010-14834
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052312.html
FEDORA-2010-14877
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052297.html
RHSA-2011:0307
RHSA-2011:0308
http://www.redhat.com/support/errata/RHSA-2011-0308.html
SUSE-SR:2011:009
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
USN-1069-1
http://www.ubuntu.com/usn/USN-1069-1
[mailman-announce] 20100905 Mailman security patch.
http://mail.python.org/pipermail/mailman-announce/2010-September/000150.html
[mailman-announce] 20100909 Mailman security patch.
http://mail.python.org/pipermail/mailman-announce/2010-September/000151.html
[oss-security] 20100913 CVE Request: mailman
http://marc.info/?l=oss-security&m=128438736513097&w=2
[oss-security] 20100913 Re: CVE Request: mailman
http://marc.info/?l=oss-security&m=128440851513718&w=2
http://marc.info/?l=oss-security&m=128441135117819&w=2
http://marc.info/?l=oss-security&m=128441237618793&w=2
http://marc.info/?l=oss-security&m=128441369020123&w=2
http://support.apple.com/kb/HT4581
https://bugzilla.redhat.com/show_bug.cgi?id=631859
https://bugzilla.redhat.com/show_bug.cgi?id=631881
https://launchpad.net/mailman/+milestone/2.1.14rc1
openSUSE-SU-2011:0424
http://lists.opensuse.org/opensuse-updates/2011-05/msg00000.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-0707
1025106
http://www.securitytracker.com/id?1025106
43389
http://secunia.com/advisories/43389
43829
http://secunia.com/advisories/43829
46464
http://www.securityfocus.com/bid/46464
70936
http://osvdb.org/70936
ADV-2011-0435
http://www.vupen.com/english/advisories/2011/0435
ADV-2011-0487
http://www.vupen.com/english/advisories/2011/0487
ADV-2011-0720
http://www.vupen.com/english/advisories/2011/0720
APPLE-SA-2011-10-12-3
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
FEDORA-2011-2030
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056399.html
FEDORA-2011-2102
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056387.html
FEDORA-2011-2125
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056363.html
MDVSA-2011:036
http://www.mandriva.com/security/advisories?name=MDVSA-2011:036
[mailman-announce] 20110213 Mailman Security Patch Announcement
http://mail.python.org/pipermail/mailman-announce/2011-February/000157.html
[mailman-announce] 20110218 Mailman Security Patch Announcement
http://mail.python.org/pipermail/mailman-announce/2011-February/000158.html
http://support.apple.com/kb/HT5002
mailman-fullname-xss(65538)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65538
Copyright: Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com
