Vulnerabilities > CVE-2006-0052 - Denial Of Service vulnerability in GNU Mailman Attachment Scrubber Malformed MIME Message
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between the first boundary and the end boundary.
Vulnerable Configurations
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-061.NASL description Scrubber.py, in Mailman 2.1.5 and earlier, when using email 2.5 (part of Python), is susceptible to a DoS (mailman service stops delivering for the list in question) if it encounters a badly formed mime multipart message with only one part and that part has two blank lines between the first boundary and the end boundary. Updated packages have been patched to correct this issue. last seen 2017-10-29 modified 2012-09-07 plugin id 21176 published 2006-04-04 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=21176 title MDKSA-2006:061 : mailman code #%NASL_MIN_LEVEL 999999 # @DEPRECATED@ # # This script has been deprecated as the associated update is not # for a supported release of Mandrake / Mandriva Linux. # # Disabled on 2012/09/06. # # # (C) Tenable Network Security, Inc. # # This script was automatically generated from # Mandrake Linux Security Advisory MDKSA-2006:061. # if (!defined_func("bn_random")) exit(0); include("compat.inc"); if (description) { script_id(21176); script_version ("1.14"); script_cvs_date("Date: 2018/08/10 18:07:07"); script_cve_id("CVE-2006-0052"); script_name(english:"MDKSA-2006:061 : mailman"); script_summary(english:"Checks for patch(es) in 'rpm -qa' output"); script_set_attribute(attribute:"synopsis", value: "The remote Mandrake host is missing one or more security-related patches."); script_set_attribute(attribute:"description", value: "Scrubber.py, in Mailman 2.1.5 and earlier, when using email 2.5 (part of Python), is susceptible to a DoS (mailman service stops delivering for the list in question) if it encounters a badly formed mime multipart message with only one part and that part has two blank lines between the first boundary and the end boundary. Updated packages have been patched to correct this issue."); script_set_attribute(attribute:"see_also", value:"http://www.mandriva.com/security/advisories?name=MDKSA-2006:061"); script_set_attribute(attribute:"solution", value:"Update the affected package(s)."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"patch_publication_date", value:"2006/03/29"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"plugin_publication_date", value: "2006/04/04"); script_set_attribute(attribute:"vuln_publication_date", value: "2005/01/09"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Mandriva Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } # Deprecated. exit(0, "The associated update is not currently for a supported release of Mandrake / Mandriva Linux."); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/Mandrake/release")) exit(0, "The host is not running Mandrake Linux."); if (!get_kb_item("Host/Mandrake/rpm-list")) exit(1, "Could not get the list of packages."); flag = 0; if (rpm_check(reference:"mailman-2.1.5-15.3.102mdk", release:"MDK10.2", cpu:"i386", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { if (rpm_exists(rpm:"mailman-", release:"MDK10.2")) { set_kb_item(name:"CVE-2006-0052", value:TRUE); } exit(0, "The host is not affected."); }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-267-1.NASL description A remote Denial of Service vulnerability was discovered in the decoder for multipart messages. Certain parts of type last seen 2020-06-01 modified 2020-06-02 plugin id 21184 published 2006-04-04 reporter Ubuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21184 title Ubuntu 4.10 / 5.04 / 5.10 : mailman vulnerability (USN-267-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-267-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(21184); script_version("1.15"); script_cvs_date("Date: 2019/08/02 13:33:00"); script_cve_id("CVE-2005-0202", "CVE-2006-0052"); script_xref(name:"USN", value:"267-1"); script_name(english:"Ubuntu 4.10 / 5.04 / 5.10 : mailman vulnerability (USN-267-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "A remote Denial of Service vulnerability was discovered in the decoder for multipart messages. Certain parts of type 'message/delivery-status' or parts containing only two blank lines triggered an exception. An attacker could exploit this to crash Mailman by sending a specially crafted email to a mailing list. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"solution", value:"Update the affected mailman package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mailman"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:4.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.10"); script_set_attribute(attribute:"patch_publication_date", value:"2006/04/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/04/04"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/01/09"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(4\.10|5\.04|5\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 4.10 / 5.04 / 5.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"4.10", pkgname:"mailman", pkgver:"2.1.5-1ubuntu2.7")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"mailman", pkgver:"2.1.5-7ubuntu0.2")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"mailman", pkgver:"2.1.5-8ubuntu2.2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mailman"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2006-0486.NASL description An updated mailman package that fixes a denial of service flaw is now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mailman is software to help manage email discussion lists. A flaw was found in the way Mailman handles MIME multipart messages. An attacker could send a carefully crafted MIME multipart email message to a mailing list run by Mailman which would cause that particular mailing list to stop working. (CVE-2006-0052) Users of Mailman should upgrade to this updated package, which contains backported patches to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 21682 published 2006-06-11 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21682 title RHEL 3 / 4 : mailman (RHSA-2006:0486) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1027.NASL description A potential denial of service problem has been discovered in mailman, the web-based GNU mailing list manager. The (failing) parsing of messages with malformed mime multiparts sometimes caused the whole mailing list to become inoperative. The old stable distribution (woody) is not vulnerable to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 22569 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22569 title Debian DSA-1027-1 : mailman - programming error NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2006-0486.NASL description An updated mailman package that fixes a denial of service flaw is now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mailman is software to help manage email discussion lists. A flaw was found in the way Mailman handles MIME multipart messages. An attacker could send a carefully crafted MIME multipart email message to a mailing list run by Mailman which would cause that particular mailing list to stop working. (CVE-2006-0052) Users of Mailman should upgrade to this updated package, which contains backported patches to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 21901 published 2006-07-03 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21901 title CentOS 3 / 4 : mailman (CESA-2006:0486)
Oval
| accepted | 2013-04-29T04:19:39.835-04:00 | ||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||
| contributors |
| ||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||
| description | The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between the first boundary and the end boundary. | ||||||||||||||||||||
| family | unix | ||||||||||||||||||||
| id | oval:org.mitre.oval:def:9475 | ||||||||||||||||||||
| status | accepted | ||||||||||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||
| title | The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between the first boundary and the end boundary. | ||||||||||||||||||||
| version | 26 |
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=358892
- http://secunia.com/advisories/19522
- http://secunia.com/advisories/19545
- http://secunia.com/advisories/19571
- http://secunia.com/advisories/20624
- http://secunia.com/advisories/20782
- http://securitytracker.com/id?1015851
- http://www.debian.org/security/2006/dsa-1027
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:061
- http://www.novell.com/linux/security/advisories/2006_08_sr.html
- http://www.osvdb.org/24367
- http://www.redhat.com/support/errata/RHSA-2006-0486.html
- http://www.securityfocus.com/bid/17311
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9475
- https://usn.ubuntu.com/267-1/