Bug 198344 - CVE-2006-2941 Mailman DoS
CVE-2006-2941 Mailman DoS
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: mailman (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Harald Hoyer
: Reopened, Security
Depends On:
  Show dependency treegraph
Reported: 2006-07-11 05:37 EDT by Mark J. Cox (Product Security)
Modified: 2007-11-30 17:07 EST (History)
2 users (show)

See Also:
Fixed In Version: RHSA-2006-0600
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-09-06 15:52:53 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Mark J. Cox (Product Security) 2006-07-11 05:37:45 EDT
Ubuntu reported a possible Mailman DoS where a malformed message can cause the
mailman server to stop sending out email.  Currently embargoed with no proposed

Also may affect RHEL3, RHEL2.1
Comment 1 Mark J. Cox (Product Security) 2006-07-11 05:37:45 EDT
Created attachment 132224 [details]
Proposed patch from Ubuntu
Comment 3 Mark J. Cox (Product Security) 2006-07-11 07:05:12 EDT
embargo 20060718 1400 UTC
Comment 6 Mark J. Cox (Product Security) 2006-07-18 08:32:53 EDT
Embargo may be extended by request of Barry Warsaw.  Please don't open this bug
at this time.
Comment 7 Harald Hoyer 2006-07-21 10:10:35 EDT
Ok, wrote some test cases. RHEL3 and RHEL4 are _NOT_ vulnerable, cause
python-2.3.4-14 has a email/Message.py which does not backtrace with strange
Comment 8 Harald Hoyer 2006-07-21 10:32:31 EDT
RHEL3's python-2.2.3-5 also does not backtrace..
Comment 9 Harald Hoyer 2006-07-21 11:06:03 EDT
mailman from RHEL2.1 does not save attachements and does not parse any mime
message headers.
Comment 10 Harald Hoyer 2006-07-21 11:07:13 EDT
RHSA-2006:0600 is free for other things... sorry about the false alarm. I just
checked, if the patch would apply.
Comment 11 Harald Hoyer 2006-07-21 11:46:15 EDT
ok, now I have a better testcase... :-/ traceback..
Comment 12 Harald Hoyer 2006-07-21 12:12:58 EDT
Created attachment 132821 [details]
test case for traceback of pythons email.Message.get_filename()
Comment 13 Harald Hoyer 2006-07-26 07:51:29 EDT
Created attachment 133066 [details]
test case for CVE-2006-2941
Comment 17 Mark J. Cox (Product Security) 2006-09-06 05:13:47 EDT
public, removing embargo
Comment 18 Red Hat Bugzilla 2006-09-06 15:52:53 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.