GNU Mailman Multiple Remote Vulnerabilities
GNU Mailman is reported prone to multiple remote vulnerabilities. The following individual issues are reported:
It is reported that GNU Mailman is affected by an information disclosure vulnerability.
Information that is harvested by exploiting this vulnerability may be used to aid in further attacks that are launched against a target user, or the computer that is hosting the vulnerable software.
A cross-site scripting vulnerability has been discovered in GNU Mailman. The issue occurs due to insufficient sanitization of user-supplied data.
It may be possible to exploit this issue in order to steal an unsuspecting user's cookie-based authentication credentials, as well as other sensitive information. Other attacks are also possible.
Finally, Mailman is reported prone to a weak auto-generated password vulnerability. It is reported that, when a user subscribes to a mailing list and a password is not specified, Mailman will auto-generate one. The password generation algorithm will generate a weak low entropy password. This password may potentially be brute forced by an attacker.