GNU Mailman Malformed Message Remote Denial Of Service Vulnerability

Bugtraq ID:	9620
Class:	Input Validation Error
CVE:	CAN-2003-0991
Remote:	Yes
Local:	No
Published:	Feb 09 2004 12:00AM
Updated:	Feb 09 2004 12:00AM
Credit:	Discovery of this issue has been credited to Matthew Galgoci.
Vulnerable:	SGI ProPack 2.4 SGI ProPack 2.3 GNU Mailman 2.1 GNU Mailman 2.0.14 + MandrakeSoft Corporate Server 2.1 x86_64 + MandrakeSoft Corporate Server 2.1 GNU Mailman 2.0.13 + RedHat Enterprise Linux AS 2.1 IA64 + RedHat Enterprise Linux AS 2.1 + RedHat Enterprise Linux ES 2.1 IA64 + RedHat Enterprise Linux ES 2.1 + RedHat Enterprise Linux WS 2.1 IA64 + RedHat Enterprise Linux WS 2.1 GNU Mailman 2.0.12 GNU Mailman 2.0.11 + Debian Linux 3.0 GNU Mailman 2.0.10 GNU Mailman 2.0.9 GNU Mailman 2.0.8 + Conectiva Linux 8.0 + Conectiva Linux 7.0 + Conectiva Linux 6.0 + Conectiva Linux 5.1 + Conectiva Linux 5.0 + RedHat Linux 7.3 i386 + RedHat Linux 7.2 ia64 + RedHat Linux 7.2 i386 - RedHat PowerTools 7.1 - RedHat PowerTools 7.0 GNU Mailman 2.0.7 GNU Mailman 2.0.6 GNU Mailman 2.0.5 + Conectiva Linux 7.0 + Conectiva Linux 6.0 + Conectiva Linux 5.1 + Conectiva Linux 5.0 + Conectiva Linux 4.2 + Conectiva Linux 4.1 - Debian Linux 2.2 sparc - Debian Linux 2.2 powerpc - Debian Linux 2.2 arm - Debian Linux 2.2 alpha - Debian Linux 2.2 68k - Debian Linux 2.2 - FreeBSD FreeBSD 4.3 - HP HP-UX 11.11 - HP HP-UX 11.0 - HP HP-UX 10.20 - MandrakeSoft Linux Mandrake 8.0 - MandrakeSoft Linux Mandrake 7.2 - MandrakeSoft Linux Mandrake 7.1 - NetBSD NetBSD 1.5.2 - NetBSD NetBSD 1.5.1 - OpenBSD OpenBSD 2.9 - OpenBSD OpenBSD 2.8 - OpenBSD OpenBSD 2.7 - RedHat Linux 7.1 - RedHat Linux 7.0 - S.u.S.E. Linux 7.2 - S.u.S.E. Linux 7.1 - S.u.S.E. Linux 7.0 - Slackware Linux 8.0 - Slackware Linux 7.1 - Slackware Linux 7.0 - Sun Solaris 8 - Sun Solaris 7.0 - Sun Solaris 2.6 GNU Mailman 2.0.4 GNU Mailman 2.0.4 GNU Mailman 2.0.3 GNU Mailman 2.0.2 GNU Mailman 2.0.1 GNU Mailman 2.0 beta5 + RedHat Secure Web Server 3.2 i386 GNU Mailman 2.0 beta4 - BSDI BSD/OS 4.0 - Conectiva Linux 5.1 - Conectiva Linux 5.0 - Conectiva Linux 4.2 - Conectiva Linux 4.1 - Debian Linux 2.2 - Debian Linux 2.1 - Digital UNIX 4.0 - FreeBSD FreeBSD 5.0 - FreeBSD FreeBSD 4.0 - FreeBSD FreeBSD 3.5 - HP HP-UX 11.0 - HP HP-UX 10.20 - IBM AIX 4.3 - MandrakeSoft Linux Mandrake 7.1 - MandrakeSoft Linux Mandrake 7.0 - NetBSD NetBSD 1.4.2 x86 - NetBSD NetBSD 1.4.1 x86 + RedHat Secure Web Server 3.2 i386 + RedHat Secure Web Server 3.1 sparc + RedHat Secure Web Server 3.1 i386 + RedHat Secure Web Server 3.1 alpha + RedHat Secure Web Server 3.0 i386 - SGI IRIX 6.5 - Sun Solaris 8 - Sun Solaris 7.0 GNU Mailman 2.0 beta3 - BSDI BSD/OS 4.0 - Conectiva Linux 5.1 - Conectiva Linux 5.0 - Conectiva Linux 4.2 - Conectiva Linux 4.1 - Debian Linux 2.2 - Debian Linux 2.1 - Digital UNIX 4.0 - FreeBSD FreeBSD 5.0 - FreeBSD FreeBSD 4.0 - FreeBSD FreeBSD 3.5 - HP HP-UX 11.0 - HP HP-UX 10.20 - IBM AIX 4.3 - MandrakeSoft Linux Mandrake 7.1 - MandrakeSoft Linux Mandrake 7.0 - NetBSD NetBSD 1.4.2 x86 - NetBSD NetBSD 1.4.1 x86 + RedHat Secure Web Server 3.2 i386 + RedHat Secure Web Server 3.1 sparc + RedHat Secure Web Server 3.1 i386 + RedHat Secure Web Server 3.1 alpha + RedHat Secure Web Server 3.0 i386 - SGI IRIX 6.5 - Sun Solaris 8 - Sun Solaris 7.0 GNU Mailman 2.0 .8 + RedHat Secure Web Server 3.2 i386 GNU Mailman 2.0 .7 GNU Mailman 2.0 .6 + RedHat Linux 7.2 i386 GNU Mailman 2.0 .5 GNU Mailman 2.0 .3 GNU Mailman 2.0 .2 GNU Mailman 2.0 .1 GNU Mailman 2.0 GNU Mailman 1.1 + Debian Linux 2.2 sparc + Debian Linux 2.2 powerpc + Debian Linux 2.2 IA-32 + Debian Linux 2.2 arm + Debian Linux 2.2 alpha + Debian Linux 2.2 68k + Debian Linux 2.2 GNU Mailman 1.0 + Debian Linux 2.1

Not Vulnerable:	GNU Mailman 2.1.10 b1 GNU Mailman 2.1.4 + MandrakeSoft Corporate Server 3.0 + MandrakeSoft Linux Mandrake 10.0 AMD64 + MandrakeSoft Linux Mandrake 10.0 GNU Mailman 2.1.3 GNU Mailman 2.1.1 + RedHat Linux 9.0 i386 + RedHat Linux 7.3 i686 + RedHat Linux 7.3 i386 + RedHat Linux 7.3