Vulnerabilities > CVE-2005-3573 - Unspecified vulnerability in GNU Mailman
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN gnu
nessus
Summary
Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash).
Vulnerable Configurations
Nessus
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-242-1.NASL description Aliet Santiesteban Sifontes discovered a remote Denial of Service vulnerability in the attachment handler. An email with an attachment whose filename contained invalid UTF-8 characters caused mailman to crash. (CVE-2005-3573) Mailman did not sufficiently verify the validity of email dates. Very large numbers in dates caused mailman to crash. (CVE-2005-4153). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 20789 published 2006-01-21 reporter Ubuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20789 title Ubuntu 4.10 / 5.04 / 5.10 : mailman vulnerabilities (USN-242-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-242-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(20789); script_version("1.18"); script_cvs_date("Date: 2019/08/02 13:33:00"); script_cve_id("CVE-2005-3573", "CVE-2005-4153"); script_xref(name:"USN", value:"242-1"); script_name(english:"Ubuntu 4.10 / 5.04 / 5.10 : mailman vulnerabilities (USN-242-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Aliet Santiesteban Sifontes discovered a remote Denial of Service vulnerability in the attachment handler. An email with an attachment whose filename contained invalid UTF-8 characters caused mailman to crash. (CVE-2005-3573) Mailman did not sufficiently verify the validity of email dates. Very large numbers in dates caused mailman to crash. (CVE-2005-4153). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"solution", value:"Update the affected mailman package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mailman"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:4.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.10"); script_set_attribute(attribute:"patch_publication_date", value:"2006/01/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/21"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/09/11"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(4\.10|5\.04|5\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 4.10 / 5.04 / 5.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"4.10", pkgname:"mailman", pkgver:"2.1.5-1ubuntu2.5")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"mailman", pkgver:"2.1.5-7ubuntu0.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"mailman", pkgver:"2.1.5-8ubuntu2.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mailman"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2006-0204.NASL description An updated mailman package that fixes two security issues is now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mailman is software to help manage email discussion lists. A flaw in handling of UTF8 character encodings was found in Mailman. An attacker could send a carefully crafted email message to a mailing list run by Mailman which would cause that particular mailing list to stop working. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-3573 to this issue. A flaw in date handling was found in Mailman version 2.1.4 through 2.1.6. An attacker could send a carefully crafted email message to a mailing list run by Mailman which would cause the Mailman server to crash. (CVE-2005-4153). Users of Mailman should upgrade to this updated package, which contains backported patches to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 21034 published 2006-03-08 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21034 title RHEL 3 / 4 : mailman (RHSA-2006:0204) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2006:0204. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(21034); script_version ("1.22"); script_cvs_date("Date: 2019/10/25 13:36:11"); script_cve_id("CVE-2005-3573", "CVE-2005-4153"); script_xref(name:"RHSA", value:"2006:0204"); script_name(english:"RHEL 3 / 4 : mailman (RHSA-2006:0204)"); script_summary(english:"Checks the rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing a security update." ); script_set_attribute( attribute:"description", value: "An updated mailman package that fixes two security issues is now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mailman is software to help manage email discussion lists. A flaw in handling of UTF8 character encodings was found in Mailman. An attacker could send a carefully crafted email message to a mailing list run by Mailman which would cause that particular mailing list to stop working. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-3573 to this issue. A flaw in date handling was found in Mailman version 2.1.4 through 2.1.6. An attacker could send a carefully crafted email message to a mailing list run by Mailman which would cause the Mailman server to crash. (CVE-2005-4153). Users of Mailman should upgrade to this updated package, which contains backported patches to correct these issues." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-3573" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-4153" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2006:0204" ); script_set_attribute( attribute:"solution", value:"Update the affected mailman package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mailman"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/11/16"); script_set_attribute(attribute:"patch_publication_date", value:"2006/03/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/03/08"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x / 4.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2006:0204"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL3", reference:"mailman-2.1.5.1-25.rhel3.4")) flag++; if (rpm_check(release:"RHEL4", reference:"mailman-2.1.5.1-34.rhel4.2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mailman"); } }NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2006-0204.NASL description An updated mailman package that fixes two security issues is now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mailman is software to help manage email discussion lists. A flaw in handling of UTF8 character encodings was found in Mailman. An attacker could send a carefully crafted email message to a mailing list run by Mailman which would cause that particular mailing list to stop working. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-3573 to this issue. A flaw in date handling was found in Mailman version 2.1.4 through 2.1.6. An attacker could send a carefully crafted email message to a mailing list run by Mailman which would cause the Mailman server to crash. (CVE-2005-4153). Users of Mailman should upgrade to this updated package, which contains backported patches to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 21892 published 2006-07-03 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21892 title CentOS 3 / 4 : mailman (CESA-2006:0204) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2006:0204 and # CentOS Errata and Security Advisory 2006:0204 respectively. # include("compat.inc"); if (description) { script_id(21892); script_version("1.17"); script_cvs_date("Date: 2019/10/25 13:36:03"); script_cve_id("CVE-2005-3573", "CVE-2005-4153"); script_xref(name:"RHSA", value:"2006:0204"); script_name(english:"CentOS 3 / 4 : mailman (CESA-2006:0204)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing a security update." ); script_set_attribute( attribute:"description", value: "An updated mailman package that fixes two security issues is now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mailman is software to help manage email discussion lists. A flaw in handling of UTF8 character encodings was found in Mailman. An attacker could send a carefully crafted email message to a mailing list run by Mailman which would cause that particular mailing list to stop working. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-3573 to this issue. A flaw in date handling was found in Mailman version 2.1.4 through 2.1.6. An attacker could send a carefully crafted email message to a mailing list run by Mailman which would cause the Mailman server to crash. (CVE-2005-4153). Users of Mailman should upgrade to this updated package, which contains backported patches to correct these issues." ); # https://lists.centos.org/pipermail/centos-announce/2006-March/012697.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?e739d5f1" ); # https://lists.centos.org/pipermail/centos-announce/2006-March/012698.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?1b7a11a7" ); # https://lists.centos.org/pipermail/centos-announce/2006-March/012699.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?38ec0f87" ); # https://lists.centos.org/pipermail/centos-announce/2006-March/012701.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b61e4fc9" ); # https://lists.centos.org/pipermail/centos-announce/2006-March/012727.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?1f99b75e" ); # https://lists.centos.org/pipermail/centos-announce/2006-March/012734.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?9277b2f1" ); script_set_attribute( attribute:"solution", value:"Update the affected mailman package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mailman"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/11/16"); script_set_attribute(attribute:"patch_publication_date", value:"2006/03/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/03"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-3", reference:"mailman-2.1.5.1-25.rhel3.4")) flag++; if (rpm_check(release:"CentOS-4", reference:"mailman-2.1.5.1-34.rhel4.2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mailman"); }NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2005-222.NASL description Scrubber.py in Mailman 2.1.4 - 2.1.6 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service. (CVE-2005-3573) In addition, these versions of mailman have an issue where the server will fail with an Overflow on bad date data in a processed message. The version of mailman in Corporate Server 2.1 does not contain the above vulnerable code. Updated packages are patched to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 20453 published 2006-01-15 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20453 title Mandrake Linux Security Advisory : mailman (MDKSA-2005:222) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-955.NASL description Two denial of service bugs were found in the mailman list server. In one, attachment filenames containing UTF8 strings were not properly parsed, which could cause the server to crash. In another, a message containing a bad date string could cause a server crash. The old stable distribution (woody) is not vulnerable to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 22821 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22821 title Debian DSA-955-1 : mailman - DoS
Oval
| accepted | 2013-04-29T04:00:46.192-04:00 | ||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||
| contributors |
| ||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||
| description | Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash). | ||||||||||||||||||||
| family | unix | ||||||||||||||||||||
| id | oval:org.mitre.oval:def:10038 | ||||||||||||||||||||
| status | accepted | ||||||||||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||
| title | Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash). | ||||||||||||||||||||
| version | 26 |
Redhat
| advisories |
| ||||
| rpms |
|
References
- ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U
- ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=327732
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=327732
- http://lists.suse.com/archive/suse-security-announce/2006-Jan/0003.html
- http://lists.suse.com/archive/suse-security-announce/2006-Jan/0003.html
- http://mail.python.org/pipermail/mailman-users/2005-September/046523.html
- http://mail.python.org/pipermail/mailman-users/2005-September/046523.html
- http://secunia.com/advisories/17511
- http://secunia.com/advisories/17511
- http://secunia.com/advisories/17874
- http://secunia.com/advisories/17874
- http://secunia.com/advisories/18456
- http://secunia.com/advisories/18456
- http://secunia.com/advisories/18503
- http://secunia.com/advisories/18503
- http://secunia.com/advisories/18612
- http://secunia.com/advisories/18612
- http://secunia.com/advisories/19167
- http://secunia.com/advisories/19167
- http://secunia.com/advisories/19196
- http://secunia.com/advisories/19196
- http://secunia.com/advisories/19532
- http://secunia.com/advisories/19532
- http://securitytracker.com/id?1015735
- http://securitytracker.com/id?1015735
- http://www.debian.org/security/2006/dsa-955
- http://www.debian.org/security/2006/dsa-955
- http://www.osvdb.org/20819
- http://www.osvdb.org/20819
- http://www.redhat.com/support/errata/RHSA-2006-0204.html
- http://www.redhat.com/support/errata/RHSA-2006-0204.html
- http://www.securityfocus.com/bid/15408
- http://www.securityfocus.com/bid/15408
- http://www.trustix.org/errata/2006/0012/
- http://www.trustix.org/errata/2006/0012/
- http://www.ubuntu.com/usn/usn-242-1
- http://www.ubuntu.com/usn/usn-242-1
- http://www.vupen.com/english/advisories/2005/2404
- http://www.vupen.com/english/advisories/2005/2404
- http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:222
- http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:222
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23139
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23139
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10038
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10038