CVE-2003-0991 - Remote Denial Of Service vulnerability in GNU Mailman Malformed Message
Metric | Value |
---|---|
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | PARTIAL |
Summary
Unknown vulnerability in the mail command handler in Mailman before 2.0.14 allows remote attackers to cause a denial of service (crash) via malformed e-mail commands.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | Gnu | 20 |
Application | | 1 |
Nessus
- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2004-019.NASL
- description: Updated mailman packages that close a DoS vulnerability present in mailman versions prior to version 2.1 are now available. Mailman is a mailing list manager. Matthew Galgoci of Red Hat discovered a Denial of Service (DoS) vulnerability in versions of Mailman prior to 2.1. An attacker could send a carefully-crafted message causing mailman to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0991 to this issue. Users of Mailman are advised to upgrade to the erratum packages, which include a backported security fix and are not vulnerable to this issue. Red Hat would like to thank Barry Warsaw for providing a patch for this issue.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 12452
- published: 2004-07-06
- reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/12452
- title: RHEL 2.1 : mailman (RHSA-2004:019)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2004:019. The text
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(12452);
  script_version ("1.25");
  script_cvs_date("Date: 2019/10/25 13:36:10");

  script_cve_id("CVE-2003-0991");
  script_xref(name:"RHSA", value:"2004:019");

  script_name(english:"RHEL 2.1 : mailman (RHSA-2004:019)");
  script_summary(english:"Checks the rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated mailman packages that close a DoS vulnerability present in mailman versions prior to version 2.1 are now available. Mailman is a mailing list manager.
Matthew Galgoci of Red Hat discovered a Denial of Service (DoS) vulnerability in versions of Mailman prior to 2.1. An attacker could send a carefully-crafted message causing mailman to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0991 to this issue. Users of Mailman are advised to upgrade to the erratum packages, which include a backported security fix and are not vulnerable to this issue. Red Hat would like to thank Barry Warsaw for providing a patch for this issue."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2003-0991"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2004:019"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected mailman package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mailman");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2004/03/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2004/02/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2004:019";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port     : 0,
      severity : SECURITY_WARNING,
      extra    : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mailman-2.0.13-5")) flag++;

  if (flag)
  {
    security_report_v4(
      port     : 0,
      severity : SECURITY_WARNING,
      extra    : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mailman");
  }
}
```

- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2004-156.NASL
- description: An updated mailman package that closes a DoS vulnerability in mailman introduced by RHSA-2004:019 is now available. Mailman is a mailing list manager. On February 19 2004, Red Hat issued security erratum RHSA-2004:019 to correct a DoS (Denial of Service) vulnerability where an attacker could send a carefully-crafted message and cause mailman to crash. Matthew Saltzman discovered a flaw in our original patch intended to correct this vulnerability. This flaw can cause mailman to crash if it receives an email destined for a list with an empty subject field. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0182 to this issue. Users of Mailman are advised to upgrade to these updated packages, which include an updated patch and are not vulnerable to this issue.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 12485
- published: 2004-07-06
- reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/12485
- title: RHEL 2.1 : mailman (RHSA-2004:156)

- NASL family: FreeBSD Local Security Checks
- NASL id: FREEBSD_MAILMAN_21.NASL
- description: The following package needs to be updated: mailman
- last seen: 2016-09-26
- modified: 2004-07-06
- plugin id: 12567
- published: 2004-07-06
- reporter: Tenable
- source: https://www.tenable.com/plugins/index.php?view=single&id=12567
- title: FreeBSD : mailman denial-of-service vulnerability in MailCommandHandler (101)

- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DSA-436.NASL
- description: Several vulnerabilities have been fixed in the mailman package:
  - CAN-2003-0038 - potential cross-site scripting via certain CGI parameters (not known to be exploitable in this version)
  - CAN-2003-0965 - cross-site scripting in the administrative interface
  - CAN-2003-0991 - certain malformed email commands could cause the mailman process to crash

  The cross-site scripting vulnerabilities could allow an attacker to perform administrative operations without authorization, by stealing a session cookie.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 15273
- published: 2004-09-29
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/15273
- title: Debian DSA-436-1 : mailman - several vulnerabilities

- NASL family: FreeBSD Local Security Checks
- NASL id: FREEBSD_PKG_B0E7687767A811D880E30020ED76EF5A.NASL
- description: A malformed message could cause mailman to crash.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 37934
- published: 2009-04-23
- reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/37934
- title: FreeBSD : mailman denial-of-service vulnerability in MailCommandHandler (b0e76877-67a8-11d8-80e3-0020ed76ef5a)

- NASL family: Mandriva Local Security Checks
- NASL id: MANDRAKE_MDKSA-2004-013.NASL
- description: A cross-site scripting vulnerability was discovered in mailman
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 14113
- published: 2004-07-31
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/14113
- title: Mandrake Linux Security Advisory : mailman (MDKSA-2004:013)

References
- ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842
- http://mail.python.org/pipermail/mailman-announce/2004-February/000067.html
- http://www.debian.org/security/2004/dsa-436
- http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:013
- http://www.redhat.com/support/errata/RHSA-2004-019.html
- http://www.securityfocus.com/bid/9620
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15106