English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.870398
Category:Red Hat Local Security Checks
Title:RedHat Update for mailman RHSA-2011:0307-01
Summary:The remote host is missing an update for the 'mailman'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'mailman'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Mailman is a program used to help manage email discussion lists.

Multiple input sanitization flaws were found in the way Mailman displayed
usernames of subscribed users on certain pages. If a user who is subscribed
to a mailing list were able to trick a victim into visiting one of those
pages, they could perform a cross-site scripting (XSS) attack against the
victim. (CVE-2011-0707)

Multiple input sanitization flaws were found in the way Mailman displayed
mailing list information. A mailing list administrator could use this flaw
to conduct a cross-site scripting (XSS) attack against victims viewing a
list's 'listinfo' page. (CVE-2008-0564, CVE-2010-3089)

Red Hat would like to thank Mark Sapiro for reporting the CVE-2011-0707 and
CVE-2010-3089 issues.

Users of mailman should upgrade to this updated package, which contains
backported patches to correct these issues.

Affected Software/OS:
mailman on Red Hat Enterprise Linux (v. 5 server),
Red Hat Enterprise Linux AS version 4,
Red Hat Enterprise Linux ES version 4,
Red Hat Enterprise Linux WS version 4

Solution:
Please Install the Updated Packages.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-0564
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
BugTraq ID: 27630
http://www.securityfocus.com/bid/27630
Bugtraq: 20080215 rPSA-2008-0056-1 mailman (Google Search)
http://www.securityfocus.com/archive/1/488236/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00452.html
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:061
http://mail.python.org/pipermail/mailman-announce/2008-February/000096.html
http://www.redhat.com/support/errata/RHSA-2011-0307.html
http://secunia.com/advisories/28794
http://secunia.com/advisories/28916
http://secunia.com/advisories/28966
http://secunia.com/advisories/29249
http://secunia.com/advisories/29388
http://secunia.com/advisories/31687
http://secunia.com/advisories/43549
SuSE Security Announcement: SUSE-SR:2008:017 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
http://www.ubuntu.com/usn/usn-586-1
http://www.vupen.com/english/advisories/2008/0422
http://www.vupen.com/english/advisories/2011/0542
Common Vulnerability Exposure (CVE) ID: CVE-2010-3089
41265
http://secunia.com/advisories/41265
42502
http://secunia.com/advisories/42502
43294
http://secunia.com/advisories/43294
43425
http://secunia.com/advisories/43425
43549
43580
http://secunia.com/advisories/43580
ADV-2010-3271
http://www.vupen.com/english/advisories/2010/3271
ADV-2011-0436
http://www.vupen.com/english/advisories/2011/0436
ADV-2011-0460
http://www.vupen.com/english/advisories/2011/0460
ADV-2011-0542
APPLE-SA-2011-03-21-1
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
DSA-2170
http://www.debian.org/security/2011/dsa-2170
FEDORA-2010-14834
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052312.html
FEDORA-2010-14877
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052297.html
RHSA-2011:0307
RHSA-2011:0308
http://www.redhat.com/support/errata/RHSA-2011-0308.html
SUSE-SR:2011:009
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
USN-1069-1
http://www.ubuntu.com/usn/USN-1069-1
[mailman-announce] 20100905 Mailman security patch.
http://mail.python.org/pipermail/mailman-announce/2010-September/000150.html
[mailman-announce] 20100909 Mailman security patch.
http://mail.python.org/pipermail/mailman-announce/2010-September/000151.html
[oss-security] 20100913 CVE Request: mailman
http://marc.info/?l=oss-security&m=128438736513097&w=2
[oss-security] 20100913 Re: CVE Request: mailman
http://marc.info/?l=oss-security&m=128440851513718&w=2
http://marc.info/?l=oss-security&m=128441135117819&w=2
http://marc.info/?l=oss-security&m=128441237618793&w=2
http://marc.info/?l=oss-security&m=128441369020123&w=2
http://support.apple.com/kb/HT4581
https://bugzilla.redhat.com/show_bug.cgi?id=631859
https://bugzilla.redhat.com/show_bug.cgi?id=631881
https://launchpad.net/mailman/+milestone/2.1.14rc1
openSUSE-SU-2011:0424
http://lists.opensuse.org/opensuse-updates/2011-05/msg00000.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-0707
1025106
http://www.securitytracker.com/id?1025106
43389
http://secunia.com/advisories/43389
43829
http://secunia.com/advisories/43829
46464
http://www.securityfocus.com/bid/46464
70936
http://osvdb.org/70936
ADV-2011-0435
http://www.vupen.com/english/advisories/2011/0435
ADV-2011-0487
http://www.vupen.com/english/advisories/2011/0487
ADV-2011-0720
http://www.vupen.com/english/advisories/2011/0720
APPLE-SA-2011-10-12-3
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
FEDORA-2011-2030
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056399.html
FEDORA-2011-2102
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056387.html
FEDORA-2011-2125
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056363.html
MDVSA-2011:036
http://www.mandriva.com/security/advisories?name=MDVSA-2011:036
[mailman-announce] 20110213 Mailman Security Patch Announcement
http://mail.python.org/pipermail/mailman-announce/2011-February/000157.html
[mailman-announce] 20110218 Mailman Security Patch Announcement
http://mail.python.org/pipermail/mailman-announce/2011-February/000158.html
http://support.apple.com/kb/HT5002
mailman-fullname-xss(65538)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65538
CopyrightCopyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.