• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

GNU Mailman Multiple Security Vulnerabilities

Mailman is prone to multiple security vulnerabilities. The application fails to properly sanitize user-supplied input, and exhibits errors in MIME header handling and logging.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, to cause a denial of service, and to inject spoofed log messages. This may help the attacker steal cookie-based authentication credentials, deny service to users, and launch other attacks.

These issues affect Mailman versions later than 2.0 and prior to 2.1.9rc1.