Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2004:013 (mailman)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.50650

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2004:013 (mailman)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to mailman
announced via advisory MDKSA-2004:013.

A cross-site scripting vulnerability was discovered in mailman's
administration interface (CVE-2003-0965). This affects version 2.1
earlier than 2.1.4.

Certain malformed email commands could cause the mailman process to
crash. (CVE-2003-0991). This affects version 2.0 earler than 2.0.14.

Another cross-site scripting vulnerability was found in mailman's
'create' CGI script (CVE-2003-0992). This affects version 2.1
earlier than 2.1.3.

Affected versions: 9.1, 9.2, Corporate Server 2.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2004:013
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0965
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0992

Risk factor : High

CVSS Score:
6.8

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2003-0965
BugTraq ID: 9336
http://www.securityfocus.com/bid/9336
Conectiva Linux advisory: CLA-2004:842
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842
Debian Security Information: DSA-436 (Google Search)
http://www.debian.org/security/2004/dsa-436
http://www.mandriva.com/security/advisories?name=MDKSA-2004:013
http://mail.python.org/pipermail/mailman-announce/2003-December/000066.html
http://www.osvdb.org/3305
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A813
http://www.redhat.com/support/errata/RHSA-2004-020.html
http://secunia.com/advisories/10519
XForce ISS Database: mailman-admin-xss(14121)
https://exchange.xforce.ibmcloud.com/vulnerabilities/14121
Common Vulnerability Exposure (CVE) ID: CVE-2003-0991
BugTraq ID: 9620
http://www.securityfocus.com/bid/9620
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:013
http://mail.python.org/pipermail/mailman-announce/2004-February/000067.html
http://www.redhat.com/support/errata/RHSA-2004-019.html
SGI Security Advisory: 20040201-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc
XForce ISS Database: mailman-command-handler-dos(15106)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15106
Common Vulnerability Exposure (CVE) ID: CVE-2003-0992
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A815

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.50650
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2004:013 (mailman)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to mailman announced via advisory MDKSA-2004:013. A cross-site scripting vulnerability was discovered in mailman's administration interface (CVE-2003-0965). This affects version 2.1 earlier than 2.1.4. Certain malformed email commands could cause the mailman process to crash. (CVE-2003-0991). This affects version 2.0 earler than 2.0.14. Another cross-site scripting vulnerability was found in mailman's 'create' CGI script (CVE-2003-0992). This affects version 2.1 earlier than 2.1.3. Affected versions: 9.1, 9.2, Corporate Server 2.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2004:013 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0965 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0991 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0992 Risk factor : High CVSS Score: 6.8
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0965 BugTraq ID: 9336 http://www.securityfocus.com/bid/9336 Conectiva Linux advisory: CLA-2004:842 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842 Debian Security Information: DSA-436 (Google Search) http://www.debian.org/security/2004/dsa-436 http://www.mandriva.com/security/advisories?name=MDKSA-2004:013 http://mail.python.org/pipermail/mailman-announce/2003-December/000066.html http://www.osvdb.org/3305 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A813 http://www.redhat.com/support/errata/RHSA-2004-020.html http://secunia.com/advisories/10519 XForce ISS Database: mailman-admin-xss(14121) https://exchange.xforce.ibmcloud.com/vulnerabilities/14121 Common Vulnerability Exposure (CVE) ID: CVE-2003-0991 BugTraq ID: 9620 http://www.securityfocus.com/bid/9620 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:013 http://mail.python.org/pipermail/mailman-announce/2004-February/000067.html http://www.redhat.com/support/errata/RHSA-2004-019.html SGI Security Advisory: 20040201-01-U ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc XForce ISS Database: mailman-command-handler-dos(15106) https://exchange.xforce.ibmcloud.com/vulnerabilities/15106 Common Vulnerability Exposure (CVE) ID: CVE-2003-0992 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A815
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com