Juniper Networks

Signature Detail

Short Name: SMTP:MAILMAN:PASSWD-DISCLOSURE
Severity: Medium
Recommended: No
Category: SMTP
Keywords: Mailman Password Disclosure
Release Date: 2004/05/26
Update Number: 1213
Supported Platforms: idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

SMTP: Mailman Password Disclosure


This signature detects attempts to exploit a known vulnerability in Mailman, a free application for managing e-mail discussion and e-newsletter lists. An attacker who knows the e-mail address of a subscriber on a mailing list administered by Mailman can obtain the password for that subscriber.

Extended Description

Mailman is prone to an unspecified password retrieval vulnerability. This vulnerability was disclosed by the vendor. Reportedly, a remote attacker can gain access to user passwords when the users subscribe to a mailing list. A remote attacker can use the sensitive information to hijack user accounts or carry out other attacks.

Further information about this issue states that, to exploit this vulnerability, an attacker does not need to be subscribed to the list. The attacker needs to be able to mail <listname>-request@<listhost> and know the email address of a user to disclose the user's password.

It is reported that this issue affects Mailman 2.1.x versions. Due to a lack of details, further information is not available at the moment. This BID will be updated as more information becomes available.

Affected Products

  • GNU Mailman 1.0.0
  • GNU Mailman 1.1.0
  • GNU Mailman 2.0.0
  • GNU Mailman 2.0.0 .1
  • GNU Mailman 2.0.0 .2
  • GNU Mailman 2.0.0 .3
  • GNU Mailman 2.0.0 .5
  • GNU Mailman 2.0.0 .6
  • GNU Mailman 2.0.0 .7
  • GNU Mailman 2.0.0 .8
  • GNU Mailman 2.0.0 Beta3
  • GNU Mailman 2.0.0 Beta4
  • GNU Mailman 2.0.0 Beta5
  • GNU Mailman 2.0.1
  • GNU Mailman 2.0.10
  • GNU Mailman 2.0.11
  • GNU Mailman 2.0.12
  • GNU Mailman 2.0.13
  • GNU Mailman 2.0.2
  • GNU Mailman 2.0.3
  • GNU Mailman 2.0.4
  • GNU Mailman 2.0.5
  • GNU Mailman 2.0.6
  • GNU Mailman 2.0.7
  • GNU Mailman 2.0.8
  • GNU Mailman 2.0.9
  • GNU Mailman 2.1.0
  • GNU Mailman 2.1.1
  • GNU Mailman 2.1.10 B1
  • GNU Mailman 2.1.2
  • GNU Mailman 2.1.3
  • GNU Mailman 2.1.4
  • Red Hat Linux 7.3.0
  • Red Hat Linux 7.3.0 I386
  • Red Hat Linux 7.3.0 I686
  • Red Hat Linux 9.0.0 I386

References

  • BugTraq: 10412
  • CVE: CVE-2004-0412
  • URL: http://mail.python.org/pipermail/mailman-announce/2004-May/000072.html
  • URL: http://xforce.iss.net/xforce/xfdb/16256

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.