
Advisories MDKSA-2006:165: Updated mailman packages fix multiple vulnerabilities


paul

A flaw was discovered in how Mailman handles MIME multipart messages where an attacker could send a carefully-crafted MIME multipart message to a Mailman-run mailing list causing that mailing list to stop working (CVE-2006-2941).

As well, a number of XSS (cross-site scripting) issues were discovered that could be exploited to perform XSS attacks against the Mailman administrator (CVE-2006-3636).

Finally, a CRLF injection vulnerability allows remote attackers to spoof messages in the error log (CVE-2006-4624).

Updated packages have been patched to address these issues.
