mailman: error log spoof

Package(s):

mailman

CVE #(s):

CVE-2006-4624

Created:

November 15, 2007

Updated:

November 21, 2007

Description:

The Mailman mailing list manager is vulnerable to log file spoofing. A remote attacker can insert carriage return/line feed sequences, causing invalid error log messages to be recorded. This makes it possible to trick the administrator into visiting malicious URLs.

Alerts:

Red Hat

RHSA-2007:0779-02

mailman

2007-11-15

mailman: error log spoof

Posted Dec 9, 2007 16:37 UTC (Sun) by kreutzm (guest, #4700) [Link]

This is not present in Debian Stable and has been fixed in DSA 1188 for Debian Oldstable.