SMTP: Mailman Password Disclosure

This signature detects attempts to exploit a known vulnerability in Mailman, a free application for managing e-mail discussion and e-newsletter lists. If they know the e-mail address of a subscriber on a mailing list administered by Mailman, attackers can obtain the password for that subscriber.

Extended Description

Mailman is prone to an unspecified password retrieval vulnerability, which was disclosed by the vendor. Reportedly, a remote attacker can gain access to user passwords when users subscribe to a mailing list, and can use this sensitive information to hijack user accounts or carry out other attacks. Further information about this issue states that an attacker does not need to be subscribed to the list to exploit it: the attacker needs to be able to mail -request@ and to know the e-mail address of a user in order to disclose that user's password. The issue is reported to affect Mailman 2.1.x versions. Due to a lack of details, further information is not available at the moment. This BID will be updated as more information becomes available.

Affected Products

Gnu mailman

Short Name: SMTP:MAILMAN:PASSWD-DISCLOSURE
Severity: Minor
Recommended: False
Recommended Action: None
Category: SMTP
Keywords: CVE-2004-0412 Disclosure Mailman Password bid:10412
Release Date: 05/26/2004
Supported Platforms: srx-branch-12.3, srx-19.3, srx-branch-19.3, vsrx3bsd-19.2, srx-branch-19.4, vsrx-19.4, mx-12.3, mx-19.4, vmx-19.4, mx-19.3, vsrx3bsd-19.4, srx-19.4, vsrx-12.3, vmx-19.3, vsrx-19.2, srx-12.3
Sigpack Version: 3375
False Positive: Unknown
Vendors: Red_hat, Gnu
CVSS Score: 5.0