 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.51618 |
| Category: | Fedora Local Security Checks |
| Title: | Fedora Core 3 FEDORA-2005-132 (mailman) |
| Summary: | NOSUMMARY |
| Description: | Description: The remote host is missing an update to mailman announced via advisory FEDORA-2005-132. There is a critical security flaw in Mailman 2.1.5 which will allow attackers to read arbitrary files. The extent of the vulnerability depends on what version of Apache (httpd) you are running, and (possibly) how you have configured your web server. It is believed the vulnerability is not available when Mailman is paired with a version of Apache >= 2.0, however earlier versions of Apache, e.g. version 1.3, will allow the exploit when executing a Mailman CGI script. All versions of Fedora have shipped with the later 2.0 version of Apache and thus if you are running a Fedora release you are not likely to be vulnerable to the exploit unless you have explicitly downgraded the version of your web server. However, installing this version of mailman with a security patch represents a prudent safeguard. This issue has been assigned CVE number CVE-2005-0202. The bug report associated with this is: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=147343 The errata associated with this for RHEL releases is: http://rhn.redhat.com/errata/RHSA-2005-136.html For additional piece of mind, it is recommended that you regenerate your list member passwords. Instructions on how to do this, and more information about this vulnerability are available here: http://www.list.org/security.html This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/ This update can also be installed with the Update Agent you can launch the Update Agent with the 'up2date' command. Solution: Apply the appropriate updates. http://fedoranews.org/blog/index.php?p=389 Risk factor : Medium CVSS Score: 5.0 |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2005-0202 http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html Bugtraq: 20050209 [USN-78-1] Mailman vulnerability (Google Search) http://marc.info/?l=bugtraq&m=110805795122386&w=2 Debian Security Information: DSA-674 (Google Search) http://www.debian.org/security/2005/dsa-674 http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031562.html http://www.gentoo.org/security/en/glsa/glsa-200502-11.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:037 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10657 http://www.redhat.com/support/errata/RHSA-2005-136.html http://www.redhat.com/support/errata/RHSA-2005-137.html http://securitytracker.com/id?1013145 http://secunia.com/advisories/14211 SuSE Security Announcement: SUSE-SA:2005:007 (Google Search) http://www.novell.com/linux/security/advisories/2005_07_mailman.html |
| Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |