Mandriva Security Update Fixes Mailman Denial of Service Vulnerability

VUPEN ID : VUPEN/ADV-2005-2706
CVE ID : CVE-2005-3573
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-12-03

Mandriva has released updated packages to address a vulnerability identified in Mailman. The flaw is due to an input validation error in the "Scrubber.py" script, which does not properly handle an email containing an attachment with "utf8" characters in its filename. Remote attackers could exploit it to cause a denial of service by sending a specially crafted email to a vulnerable server.
For additional information, see: VUPEN/ADV-2005-2404
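The failure class described above, an attachment filename that the mail processing code cannot handle, is avoided by reducing every untrusted filename to a safe ASCII name before it is used. The following is an added illustration in Python 3, not Mailman's Scrubber.py or the patch shipped by Mandriva; the function names and the sample message are constructed for this example.

```python
import re
import unicodedata
from email import message_from_bytes

_UNSAFE = re.compile(r"[^A-Za-z0-9._-]+")

def sanitize_filename(name, default="attachment.bin", max_len=64):
    """Reduce an untrusted attachment filename to a safe ASCII basename.
    Accepts str, bytes or None and never raises on undecodable input."""
    if name is None:
        return default
    if isinstance(name, bytes):
        # Undecodable bytes become U+FFFD instead of raising UnicodeDecodeError.
        name = name.decode("utf-8", errors="replace")
    # Drop any directory component, whichever separator the sender used.
    name = name.replace("\\", "/").rsplit("/", 1)[-1]
    # Fold accented letters to base letters, then discard remaining non-ASCII.
    name = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode("ascii")
    name = _UNSAFE.sub("_", name).strip("._")
    return name[:max_len] or default

def attachment_names(raw_message):
    """Return a safe filename for every attachment part in raw message bytes."""
    names = []
    for part in message_from_bytes(raw_message).walk():
        if part.get_content_disposition() != "attachment":
            continue
        try:
            raw = part.get_filename()  # decodes RFC 2231 filename*= parameters
        except (UnicodeError, LookupError, ValueError):
            raw = None  # malformed parameter: use the default name, keep running
        names.append(sanitize_filename(raw))
    return names

# Constructed sample: one attachment whose filename contains UTF-8 characters.
SAMPLE = (
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain\r\n\r\nhello\r\n"
    b"--b1\r\nContent-Type: application/pdf\r\n"
    b"Content-Disposition: attachment; filename*=utf-8''r%C3%A9sum%C3%A9.pdf\r\n"
    b"\r\nJVBERi0=\r\n--b1--\r\n"
)

if __name__ == "__main__":
    print(attachment_names(SAMPLE))
```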
Affected Products
Mandriva Linux 10.1
Mandriva Linux 10.2
Mandriva Linux 2006.0
Corporate 3.0
Solution
Upgrade the affected packages :
Mandriva Linux 10.1:
b62f2bdad4a9295bcedec597f5479843 10.1/RPMS/mailman-2.1.5-7.5.101mdk.i586.rpm
4ebd694b50ccbc9f2b602676840c4bc9 10.1/SRPMS/mailman-2.1.5-7.5.101mdk.src.rpm
Mandriva Linux 10.1/X86_64:
a887edf3dd65a418c441fae7588f7e5e x86_64/10.1/RPMS/mailman-2.1.5-7.5.101mdk.x86_64.rpm
4ebd694b50ccbc9f2b602676840c4bc9 x86_64/10.1/SRPMS/mailman-2.1.5-7.5.101mdk.src.rpm
Mandriva Linux 10.2:
99e3dbde709dfa5eb7bd71041adf41be 10.2/RPMS/mailman-2.1.5-15.2.102mdk.i586.rpm
c01867687ff9c78b4c1e2da9d70c4f11 10.2/SRPMS/mailman-2.1.5-15.2.102mdk.src.rpm
Mandriva Linux 10.2/X86_64:
c66dd1916ba0d8ecf8796b1890a064fd x86_64/10.2/RPMS/mailman-2.1.5-15.2.102mdk.x86_64.rpm
c01867687ff9c78b4c1e2da9d70c4f11 x86_64/10.2/SRPMS/mailman-2.1.5-15.2.102mdk.src.rpm
Mandriva Linux 2006.0:
f917270b5334f62843bbdb4a06d12ae0 2006.0/RPMS/mailman-2.1.6-6.2.20060mdk.i586.rpm
15bc0be9373657ac39a9e3956de90801 2006.0/SRPMS/mailman-2.1.6-6.2.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
e92b1dd1ae0bfe3bbc61ba5d6f3b52c3 x86_64/2006.0/RPMS/mailman-2.1.6-6.2.20060mdk.x86_64.rpm
15bc0be9373657ac39a9e3956de90801 x86_64/2006.0/SRPMS/mailman-2.1.6-6.2.20060mdk.src.rpm
Corporate 3.0:
867bdc1fe018e94eb4d5352fc69747ae corporate/3.0/RPMS/mailman-2.1.4-2.5.C30mdk.i586.rpm
572477eb207dadbabc22b0e53b0c2b2b corporate/3.0/SRPMS/mailman-2.1.4-2.5.C30mdk.src.rpm
Corporate 3.0/X86_64:
8a4cc67f45481e9d4b25c41e80f54809 x86_64/corporate/3.0/RPMS/mailman-2.1.4-2.5.C30mdk.x86_64.rpm
572477eb207dadbabc22b0e53b0c2b2b x86_64/corporate/3.0/SRPMS/mailman-2.1.4-2.5.C30mdk.src.rpm
References
http://www.vupen.com/english/advisories/2005/2706
http://www.frsirt.com/english/reference/1847
ChangeLog
2005-12-03 : Initial release