
Test ID: 1.3.6.1.4.1.25623.1.0.58991
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2007:0779
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory RHSA-2007:0779.

Mailman is a program used to help manage email discussion lists.

A flaw was found in Mailman. A remote attacker could spoof messages in
the error log, and possibly trick the administrator into visiting malicious
URLs via a carriage return/line feed sequence in the URI. (CVE-2006-4624)

As well, these updated packages fix the following bugs:

* canceling a subscription on the confirm subscription request page
caused mailman to crash.

* editing the sender filter caused all spam filter rules to be deleted.

* the migrate-fhs script was not included.

* the mailman init script returned a zero (success) exit code even when
an incorrect command was given. For example, the mailman foo command
returned a zero exit code. In these updated packages the mailman init
script returns the correct exit codes.

Users of Mailman are advised to upgrade to these updated packages, which
resolve these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2007-0779.html
http://www.redhat.com/security/updates/classification/#low

Risk factor : Medium

CVSS Score:
2.6

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2006-4624
BugTraq ID: 19831
http://www.securityfocus.com/bid/19831
BugTraq ID: 20021
http://www.securityfocus.com/bid/20021
Bugtraq: 20060913 Mailman 2.1.8 Multiple Security Issues
http://www.securityfocus.com/archive/1/445992/100/0/threaded
Debian Security Information: DSA-1188
http://www.debian.org/security/2006/dsa-1188
http://security.gentoo.org/glsa/glsa-200609-12.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:165
http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt
http://svn.sourceforge.net/viewvc/mailman/trunk/mailman/Mailman/Utils.py?r1=7859&r2=7923
http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9756
http://www.redhat.com/support/errata/RHSA-2007-0779.html
http://secunia.com/advisories/21732
http://secunia.com/advisories/22011
http://secunia.com/advisories/22020
http://secunia.com/advisories/22227
http://secunia.com/advisories/22639
http://secunia.com/advisories/27669
SuSE Security Announcement: SUSE-SR:2006:025
http://www.novell.com/linux/security/advisories/2006_25_sr.html
http://www.vupen.com/english/advisories/2006/3446
XForce ISS Database: mailman-admin-spoofing(28734)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28734
Copyright: Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com





© 1998-2024 E-Soft Inc. All rights reserved.