Test ID:	1.3.6.1.4.1.25623.1.0.57390
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-345-1 (mailman)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to mailman announced via advisory USN-345-1. A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.10 Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. Steve Alexander discovered that mailman did not properly handle attachments with special filenames. A remote user could exploit that to stop mail delivery until the server administrator manually cleaned these posts. (CVE-2006-2941) Various cross-site scripting vulnerabilities have been reported by Barry Warsaw. By using specially crafted email addresses, names, and similar arbitrary user-defined strings, a remote attacker could exploit this to run web script code in the list administrator's web browser. (CVE-2006-3636) URLs logged to the error log file are now checked for invalid characters. Before, specially crafted URLs could inject arbitrary messages into the log. Solution: The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.04: mailman 2.1.5-7ubuntu0.3 Ubuntu 5.10: mailman 2.1.5-8ubuntu2.3 Ubuntu 6.06 LTS: mailman 2.1.5-9ubuntu4.1 In general, a standard system upgrade is sufficient to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-345-1 Risk factor : High CVSS Score: 6.8
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-2941 1016808 http://securitytracker.com/id?1016808 19831 http://www.securityfocus.com/bid/19831 21732 http://secunia.com/advisories/21732 21792 http://secunia.com/advisories/21792 21837 http://secunia.com/advisories/21837 21879 http://secunia.com/advisories/21879 22011 http://secunia.com/advisories/22011 22020 http://secunia.com/advisories/22020 22639 http://secunia.com/advisories/22639 ADV-2006-3446 http://www.vupen.com/english/advisories/2006/3446 GLSA-200609-12 http://security.gentoo.org/glsa/glsa-200609-12.xml MDKSA-2006:165 http://www.mandriva.com/security/advisories?name=MDKSA-2006:165 RHSA-2006:0600 http://rhn.redhat.com/errata/RHSA-2006-0600.html SUSE-SR:2006:025 http://www.novell.com/linux/security/advisories/2006_25_sr.html USN-345-1 http://www.ubuntu.com/usn/usn-345-1 [Mailman-Announce] 20060913 RELEASED: Mailman 2.1.9 http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html http://sourceforge.net/project/shownotes.php?group_id=103&release_id=444295 http://svn.sourceforge.net/viewvc/mailman/trunk/mailman/Mailman/Utils.py?r1=7859&r2=7923 mailman-headers-dos(28732) https://exchange.xforce.ibmcloud.com/vulnerabilities/28732 oval:org.mitre.oval:def:9912 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9912 Common Vulnerability Exposure (CVE) ID: CVE-2006-3636 20021 http://www.securityfocus.com/bid/20021 20060913 Mailman 2.1.8 Multiple Security Issues http://www.securityfocus.com/archive/1/445992/100/0/threaded 22227 http://secunia.com/advisories/22227 DSA-1188 http://www.debian.org/security/2006/dsa-1188 http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt mailman-unspecified-xss(28731) https://exchange.xforce.ibmcloud.com/vulnerabilities/28731 oval:org.mitre.oval:def:10553 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10553
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.