Anfälligkeitssuche        Suche in 172616 CVE Beschreibungen
und 81291 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.870398
Kategorie:Red Hat Local Security Checks
Titel:RedHat Update for mailman RHSA-2011:0307-01
Zusammenfassung:The remote host is missing an update for the 'mailman'; package(s) announced via the referenced advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'mailman'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Mailman is a program used to help manage email discussion lists.

Multiple input sanitization flaws were found in the way Mailman displayed
usernames of subscribed users on certain pages. If a user who is subscribed
to a mailing list were able to trick a victim into visiting one of those
pages, they could perform a cross-site scripting (XSS) attack against the
victim. (CVE-2011-0707)

Multiple input sanitization flaws were found in the way Mailman displayed
mailing list information. A mailing list administrator could use this flaw
to conduct a cross-site scripting (XSS) attack against victims viewing a
list's 'listinfo' page. (CVE-2008-0564, CVE-2010-3089)

Red Hat would like to thank Mark Sapiro for reporting the CVE-2011-0707 and
CVE-2010-3089 issues.

Users of mailman should upgrade to this updated package, which contains
backported patches to correct these issues.

Affected Software/OS:
mailman on Red Hat Enterprise Linux (v. 5 server),
Red Hat Enterprise Linux AS version 4,
Red Hat Enterprise Linux ES version 4,
Red Hat Enterprise Linux WS version 4

Solution:
Please Install the Updated Packages.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2008-0564
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
BugTraq ID: 27630
http://www.securityfocus.com/bid/27630
Bugtraq: 20080215 rPSA-2008-0056-1 mailman (Google Search)
http://www.securityfocus.com/archive/1/488236/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00452.html
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:061
http://mail.python.org/pipermail/mailman-announce/2008-February/000096.html
http://www.redhat.com/support/errata/RHSA-2011-0307.html
http://secunia.com/advisories/28794
http://secunia.com/advisories/28916
http://secunia.com/advisories/28966
http://secunia.com/advisories/29249
http://secunia.com/advisories/29388
http://secunia.com/advisories/31687
http://secunia.com/advisories/43549
SuSE Security Announcement: SUSE-SR:2008:017 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
http://www.ubuntu.com/usn/usn-586-1
http://www.vupen.com/english/advisories/2008/0422
http://www.vupen.com/english/advisories/2011/0542
Common Vulnerability Exposure (CVE) ID: CVE-2010-3089
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
Debian Security Information: DSA-2170 (Google Search)
http://www.debian.org/security/2011/dsa-2170
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052312.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052297.html
http://mail.python.org/pipermail/mailman-announce/2010-September/000150.html
http://mail.python.org/pipermail/mailman-announce/2010-September/000151.html
http://marc.info/?l=oss-security&m=128438736513097&w=2
http://marc.info/?l=oss-security&m=128440851513718&w=2
http://marc.info/?l=oss-security&m=128441135117819&w=2
http://marc.info/?l=oss-security&m=128441237618793&w=2
http://marc.info/?l=oss-security&m=128441369020123&w=2
http://www.redhat.com/support/errata/RHSA-2011-0308.html
http://secunia.com/advisories/41265
http://secunia.com/advisories/42502
http://secunia.com/advisories/43294
http://secunia.com/advisories/43425
http://secunia.com/advisories/43580
SuSE Security Announcement: SUSE-SR:2011:009 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
SuSE Security Announcement: openSUSE-SU-2011:0424 (Google Search)
http://lists.opensuse.org/opensuse-updates/2011-05/msg00000.html
http://www.ubuntu.com/usn/USN-1069-1
http://www.vupen.com/english/advisories/2010/3271
http://www.vupen.com/english/advisories/2011/0436
http://www.vupen.com/english/advisories/2011/0460
Common Vulnerability Exposure (CVE) ID: CVE-2011-0707
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
BugTraq ID: 46464
http://www.securityfocus.com/bid/46464
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056399.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056387.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056363.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:036
http://mail.python.org/pipermail/mailman-announce/2011-February/000157.html
http://mail.python.org/pipermail/mailman-announce/2011-February/000158.html
http://osvdb.org/70936
http://www.securitytracker.com/id?1025106
http://secunia.com/advisories/43389
http://secunia.com/advisories/43829
http://www.vupen.com/english/advisories/2011/0435
http://www.vupen.com/english/advisories/2011/0487
http://www.vupen.com/english/advisories/2011/0720
XForce ISS Database: mailman-fullname-xss(65538)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65538
CopyrightCopyright (c) 2011 Greenbone Networks GmbH

Dies ist nur einer von 81291 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.