Title: GNU Mailman Admin Login Variant Cross-Site Scripting Vulnerability
Severity: MODERATE
Description:
GNU Mailman is a freely available, open-source mailing list manager written in Python and C. It runs on Linux and other Unix-based systems.
GNU Mailman is prone to a cross-site scripting vulnerability. An attacker may construct a malicious link to the administrative login page, which could allow the execution of arbitrary HTML and script code.
Visiting the link would result in the execution of an attacker's script code in the web browser of a user. This code would be executed in the context of the site running the vulnerable software.
The attacker may potentially exploit this condition to steal cookie-based authentication credentials.
This is a variation of the vulnerability described in Bugtraq ID 4825 "GNU Mailman Admin Login Cross-Site Scripting Vulnerability". This variation affects version 2.0.11 of GNU Mailman as well.
Affected Products:
- Conectiva Linux 4.1.0
- Conectiva Linux 4.2.0
- Conectiva Linux 5.0.0
- Conectiva Linux 5.1.0
- Conectiva Linux 6.0.0
- Conectiva Linux 7.0.0
- Conectiva Linux 8.0.0
- Debian Linux 3.0.0
- GNU Mailman 2.0.0
- GNU Mailman 2.0.1
- GNU Mailman 2.0.10
- GNU Mailman 2.0.11
- GNU Mailman 2.0.2
- GNU Mailman 2.0.3
- GNU Mailman 2.0.4
- GNU Mailman 2.0.5
- GNU Mailman 2.0.6
- GNU Mailman 2.0.7
- GNU Mailman 2.0.8
- GNU Mailman 2.0.9
- RedHat Linux 7.2.0 i386
- RedHat Linux 7.2.0 ia64
- RedHat Linux 7.3.0 i386
References:
- GNU: Mailman Homepage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
