Bug 193843 - CVE-2006-0052 Mailman DoS, CVE-2006-1712 Mailman cross site scripting bug and CVE-2005-3573 Mailman Denial of Service (CVE-2005-4153); also CAN-2004-1177 Cross-site scripting (XSS) vulnerability
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Fedora Legacy
Classification: Retired
Component: mailman
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Fedora Legacy Bugs
QA Contact:
URL:
Whiteboard: LEGACY, rh73, rh90, 1, 2, 3, NEEDSWORK
Depends On: 173140 187420 188605
Blocks:
Reported: 2006-06-02 04:57 UTC by kashif
Modified: 2007-04-30 07:33 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-04-30 07:33:59 UTC
Embargoed:



Description kashif 2006-06-02 04:57:52 UTC
Mailman DoS allows remote attackers to cause a denial of service by using a
multipart MIME message with a single-part MIME message.

Mailman cross site scripting bug allows remote attackers to inject arbitrary web
script in the form of the action argument.

The Mailman Denial of Service causes an application crash and the server message
"fail with an Overflow on bad date data in a processed message".

http://www.redhat.com/archives/fedora-test-list/2006-May/msg00131.html
http://www.redhat.com/archives/fedora-package-announce/2006-May/msg00134.htm
http://www.redhat.com/archives/fedora-package-announce/2006-May/msg00135.html

Comment 2 David Eisenstein 2006-06-05 03:10:49 UTC
In addition to the vulnerabilities mentioned above, since the last update of
mailman done by legacy for RHL 7.3, RHL 9, and FC1 in Feb, 2005 and released in
July, 2005 (that fixed CAN-2005-0202), another bug had been found and fixed in
FC2 and FC3 - CAN-2004-1177 (See Bug #151643 for FC and Bug #147833 for RHEL).

(<http://www.redhat.com/archives/fedora-announce-list/2005-March/msg00058.html>)
"A cross-site scripting (XSS) flaw in the driver script of mailman
prior to version 2.1.5 could allow remote attackers to execute scripts
as other web users. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-1177 to this issue.

"Users of mailman should update to this erratum package, which corrects
this issue by turning on STEALTH_MODE by default and using
Utils.websafe() to quote the html."

The only Legacy packages which may be affected by CAN-2004-1177 are these:
  * mailman-2.0.13-7.legacy (RHL 7.3, built 11-Feb-2005)
  * mailman-2.0.13-7.legacy (RHL 9, built 10-Feb-2005)
  * mailman-2.1.5-8.legacy (FC 1, built 10-Feb-2005)

with Red Hat already having applied fixes for CAN-2004-1177 for these:
  * mailman-2.1.5-10.fc2 (FC 2, built 22-Mar-2005)
  * mailman-2.1.5-32.fc3 (FC 3, built 22-Mar-2005).

Comment 3 David Eisenstein 2006-06-05 03:35:48 UTC
Typo in comment #2.  The RHL 9 version of mailman built 10-Feb-2005, which is
likely vulnerable to CAN-2004-1177, is mailman-2.1.1-8.legacy.

Comment 4 David Eisenstein 2006-06-05 07:10:36 UTC
-----------
For CVE-2005-3573 and CVE-2005-4153, on 7-Mar-2006 RH issued RHSA-2006-0204 for
RHEL 3 & 4, <http://rhn.redhat.com/errata/RHSA-2006-0204.html>:

"A flaw in handling of UTF8 character encodings was found in Mailman.  An
attacker could send a carefully crafted email message to a mailing list run
by Mailman which would cause that particular mailing list to stop working.
The Common Vulnerabilities and Exposures project assigned the name
CVE-2005-3573 to this issue.

"A flaw in date handling was found in Mailman version 2.1.4 through 2.1.6. 
An attacker could send a carefully crafted email message to a mailing list
run by Mailman which would cause the Mailman server to crash.  (CVE-2005-4153).

"Users of Mailman should upgrade to this updated package, which contains
backported patches to correct these issues."

RH did not issue updates for the RHEL 2.1 version in this RHSA, so this issue
may not affect RHL 7.3.  These two CVEs likely affect RHL 9, FC1, FC2, & FC3.

RHEL 3:  mailman-2.1.5.1-25.rhel3.4.src.rpm
RHEL 4:  mailman-2.1.5.1-34.rhel4.2.src.rpm

----------
For CVE-2006-0052 - "The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and
earlier, when using Python's library email module 2.5, allows remote attackers
to cause a denial of service (mailing list delivery failure) via a multipart
MIME message with a single part that has two blank lines between the first
boundary and the end boundary."

Red Hat currently has Bug #187420 open for this issue for RHEL 3 & 4.  According
to Josh Bressers in Bug 187420 comment #0, this was fixed in mailman 2.1.6, and
here is the patch:
http://cvs.sourceforge.net/viewcvs.py/mailman/mailman/Mailman/Handlers/Scrubber.py?r1=2.18.2.12&r2=2.18.2.13

Again, this issue may not affect RHL 7.3, as no mention of RHEL 2.1 is made in
this bug 187420.  This CVE likely affects RHL 9, FC1, FC2, & FC3.

From Bug 187420 comment #3, it appears these versions are in testing as of now:
RHEL 3:  mailman-2.1.5.1-25.rhel3.5
RHEL 4:  mailman-2.1.5.1-34.rhel4.3

Reference:  Bugtraq ID 17311, http://www.securityfocus.com/bid/17311

---------
For CVE-2006-1712 -- "Cross-site scripting (XSS) vulnerability in the private
archive script (private.py) in GNU Mailman 2.1.7 allows remote attackers to
inject arbitrary web script or HTML via the action argument."

We may need to research whether this bug affects any of our Legacy distros;
since it claims it only affects Mailman 2.1.7, it may not affect us.

Josh Bressers indicates a patch is in Attachment 127627 (Bug 188605 comment #1).

Reference:  Bugtraq ID 17403, http://www.securityfocus.com/bid/17403
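
The date-handling failure mode behind CVE-2005-4153 (a crash on bad date data in a processed message) is the kind of thing a list server should absorb rather than die on. The following is an added defensive illustration, not Mailman's own code and not the patch referenced in this bug: it assumes a hypothetical helper `safe_date_timestamp` and a plausible year window of 1970-2100, and falls back to a caller-supplied timestamp whenever the Date: header is missing, unparsable, out of range, or makes the time conversion raise.

```python
import email.utils
import time

# Assumption for this example: years outside this window are treated as bad
# data rather than handed to the C time functions, which is where the overflow
# described in the bug would otherwise surface.
MIN_YEAR, MAX_YEAR = 1970, 2100


def safe_date_timestamp(date_header, fallback=None):
    """Return a POSIX timestamp for an RFC 2822 Date: header value.

    Never raises: on a missing, malformed, out-of-range or overflowing date the
    caller-supplied `fallback` (default: the current time) is returned instead,
    so one bad message cannot stop delivery for the whole list.
    """
    if fallback is None:
        fallback = time.time()
    if not date_header:
        return fallback
    try:
        parsed = email.utils.parsedate_tz(date_header)
    except (ValueError, TypeError, IndexError, OverflowError):
        return fallback
    if parsed is None:
        return fallback
    year = parsed[0]
    if not (MIN_YEAR <= year <= MAX_YEAR):
        return fallback
    try:
        # mktime_tz uses calendar.timegm when a zone offset is present and
        # time.mktime otherwise; both can raise on absurd field values.
        return email.utils.mktime_tz(parsed)
    except (OverflowError, ValueError, TypeError, OSError):
        return fallback


if __name__ == "__main__":
    # Constructed sample headers: a normal one, garbage, and an absurd year.
    samples = [
        "Wed, 05 Jan 2005 10:00:00 +0000",
        "not a date at all",
        "Wed, 1 Jan 99999999999 00:00:00 +0000",
    ]
    for header in samples:
        print(repr(header), "->", safe_date_timestamp(header, fallback=0.0))
```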

Comment 5 Neil Horman 2006-06-14 11:17:33 UTC
*** Bug 194103 has been marked as a duplicate of this bug. ***

Comment 6 Tomas Smetana 2007-04-30 07:33:59 UTC
The Fedora Legacy project has been discontinued. The recent Fedora products are
shipped with Mailman 2.1.9 or newer, which is not affected by the mentioned issues.

