CVE-2006-3636 - Multiple security vulnerabilities in GNU Mailman

CVSS 6.8 - MEDIUM
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
network
gnu
nessus
exploit available

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Exploit-Db

description: Mailman 2.1.x Multiple Input Validation Vulnerabilities. CVE-2006-3636. Webapps exploit for cgi platform
id: EDB-ID:28570
last seen: 2016-02-03
modified: 2006-09-14
published: 2006-09-14
reporter: Moritz Naumann
source: https://www.exploit-db.com/download/28570/
title: Mailman 2.1.x - Multiple Input Validation Vulnerabilities

Nessus

  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2006-0600.NASL
    description: Updated mailman packages that fix security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mailman is a program used to help manage email discussion lists. A flaw was found in the way Mailman handled MIME multipart messages. An attacker could send a carefully crafted MIME multipart email message to a mailing list run by Mailman which caused that particular mailing list to stop working. (CVE-2006-2941) Several cross-site scripting (XSS) issues were found in Mailman. An attacker could exploit these issues to perform cross-site scripting attacks against the Mailman administrator. (CVE-2006-3636) Red Hat would like to thank Barry Warsaw for disclosing these vulnerabilities. Users of Mailman should upgrade to these updated packages, which contain backported patches to correct this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22320
    published: 2006-09-12
    reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/22320
    title: CentOS 3 / 4 : mailman (CESA-2006:0600)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2006-0600.NASL
    description: From Red Hat Security Advisory 2006:0600 : Updated mailman packages that fix security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mailman is a program used to help manage email discussion lists. A flaw was found in the way Mailman handled MIME multipart messages. An attacker could send a carefully crafted MIME multipart email message to a mailing list run by Mailman which caused that particular mailing list to stop working. (CVE-2006-2941) Several cross-site scripting (XSS) issues were found in Mailman. An attacker could exploit these issues to perform cross-site scripting attacks against the Mailman administrator. (CVE-2006-3636) Red Hat would like to thank Barry Warsaw for disclosing these vulnerabilities. Users of Mailman should upgrade to these updated packages, which contain backported patches to correct this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 67397
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/67397
    title: Oracle Linux 3 / 4 : mailman (ELSA-2006-0600)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE9_11243.NASL
    description: This update of mailman fixes the following security issues : - A malicious user could visit a specially crafted URI and inject an apparent log message into Mailman
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 41102
    published: 2009-09-24
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/41102
    title: SuSE9 Security Update : mailman (YOU Patch Number 11243)
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_FFFA92573C1711DB86AB00123FFE8333.NASL
    description: Secunia reports : Mailman can be exploited by malicious people to conduct cross-site scripting and phishing attacks, and cause a DoS (Denial of Service). 1) An error in the logging functionality can be exploited to inject a spoofed log message into the error log via a specially crafted URL. Successful exploitation may trick an administrator into visiting a malicious website. 2) An error in the processing of malformed headers which does not follow the RFC 2231 standard can be exploited to cause a DoS (Denial of Service). 3) Some unspecified input isn
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22304
    published: 2006-09-05
    reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/22304
    title: FreeBSD : mailman -- Multiple Vulnerabilities (fffa9257-3c17-11db-86ab-00123ffe8333)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_MAILMAN-2170.NASL
    description: This update of mailman fixes the following security issues : - A malicious user could visit a specially crafted URI and inject an apparent log message into Mailman
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 27344
    published: 2007-10-17
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/27344
    title: openSUSE 10 Security Update : mailman (mailman-2170)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1188.NASL
    description: Several security related problems have been discovered in mailman, the web-based GNU mailing list manager. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-3636 Moritz Naumann discovered several cross-site scripting problems that could allow remote attackers to inject arbitrary web script code or HTML. - CVE-2006-4624 Moritz Naumann discovered that a remote attacker can inject arbitrary strings into the logfile.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22730
    published: 2006-10-14
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/22730
    title: Debian DSA-1188-1 : mailman - format string
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_MAILMAN-2174.NASL
    description: This update of mailman fixes the following security issues : - A malicious user could visit a specially crafted URI and inject an apparent log message into Mailman
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 29519
    published: 2007-12-13
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/29519
    title: SuSE 10 Security Update : mailman (ZYPP Patch Number 2174)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2006-165.NASL
    description: A flaw was discovered in how Mailman handles MIME multipart messages where an attacker could send a carefully-crafted MIME multipart message to a Mailman-run mailing list causing that mailing list to stop working (CVE-2006-2941). As well, a number of XSS (cross-site scripting) issues were discovered that could be exploited to perform XSS attacks against the Mailman administrator (CVE-2006-3636). Finally, a CRLF injection vulnerability allows remote attackers to spoof messages in the error log (CVE-2006-4624). Updated packages have been patched to address these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 23909
    published: 2006-12-16
    reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/23909
    title: Mandrake Linux Security Advisory : mailman (MDKSA-2006:165)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200609-12.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200609-12 (Mailman: Multiple vulnerabilities) Mailman fails to properly handle standards-breaking RFC 2231 formatted headers. Furthermore, Moritz Naumann discovered several XSS vulnerabilities and a log file injection. Impact : An attacker could exploit these vulnerabilities to cause Mailman to stop processing mails, to inject content into the log file or to execute arbitrary scripts running in the context of the administrator or mailing list user
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22429
    published: 2006-09-22
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/22429
    title: GLSA-200609-12 : Mailman: Multiple vulnerabilities
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-345-1.NASL
    description: Steve Alexander discovered that mailman did not properly handle attachments with special filenames. A remote user could exploit that to stop mail delivery until the server administrator manually cleaned these posts. (CVE-2006-2941) Various cross-site scripting vulnerabilities have been reported by Barry Warsaw. By using specially crafted email addresses, names, and similar arbitrary user-defined strings, a remote attacker could exploit this to run web script code in the list administrator
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 27924
    published: 2007-11-10
    reporter: Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/27924
    title: Ubuntu 5.04 / 5.10 / 6.06 LTS : mailman vulnerabilities (USN-345-1)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2006-0600.NASL
    description: Updated mailman packages that fix security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mailman is a program used to help manage email discussion lists. A flaw was found in the way Mailman handled MIME multipart messages. An attacker could send a carefully crafted MIME multipart email message to a mailing list run by Mailman which caused that particular mailing list to stop working. (CVE-2006-2941) Several cross-site scripting (XSS) issues were found in Mailman. An attacker could exploit these issues to perform cross-site scripting attacks against the Mailman administrator. (CVE-2006-3636) Red Hat would like to thank Barry Warsaw for disclosing these vulnerabilities. Users of Mailman should upgrade to these updated packages, which contain backported patches to correct this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22330
    published: 2006-09-12
    reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/22330
    title: RHEL 3 / 4 : mailman (RHSA-2006:0600)

Oval

accepted: 2013-04-29T04:06:39.552-04:00
class: vulnerability
contributors
  • name: Aharon Chernin
    organization: SCAP.com, LLC
  • name: Dragos Prisaca
    organization: G2, Inc.
definition_extensions
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 3
    oval: oval:org.mitre.oval:def:11782
  • comment: CentOS Linux 3.x
    oval: oval:org.mitre.oval:def:16651
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 4
    oval: oval:org.mitre.oval:def:11831
  • comment: CentOS Linux 4.x
    oval: oval:org.mitre.oval:def:16636
  • comment: Oracle Linux 4.x
    oval: oval:org.mitre.oval:def:15990
description: Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
family: unix
id: oval:org.mitre.oval:def:10553
status: accepted
submitted: 2010-07-09T03:56:16-04:00
title: Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
version: 26

Packetstorm

data source: https://packetstormsecurity.com/files/download/50027/0013.txt
id: PACKETSTORM:50027
last seen: 2016-12-05
published: 2006-09-14
reporter: Moritz Naumann
source: https://packetstormsecurity.com/files/50027/0013.txt.html
title: 0013.txt

Redhat

advisories
bugzilla
id: 203704
title: CVE-2006-3636 Mailman XSS issues
oval
OR
  • comment: Red Hat Enterprise Linux must be installed
    oval: oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment: Red Hat Enterprise Linux 4 is installed
      oval: oval:com.redhat.rhba:tst:20070304025
    • comment: mailman is earlier than 3:2.1.5.1-34.rhel4.5
      oval: oval:com.redhat.rhsa:tst:20060600001
    • comment: mailman is signed with Red Hat master key
      oval: oval:com.redhat.rhsa:tst:20060204002
rhsa
id: RHSA-2006:0600
released: 2006-09-06
severity: Moderate
title: RHSA-2006:0600: mailman security update (Moderate)
rpms
  • mailman-3:2.1.5.1-25.rhel3.7
  • mailman-3:2.1.5.1-34.rhel4.5
  • mailman-debuginfo-3:2.1.5.1-25.rhel3.7
  • mailman-debuginfo-3:2.1.5.1-34.rhel4.5