Intrusion Prevention

GNU.Mailman.Large.Date.DoS

Description

This indicates an attempt to exploit a Denial of Service vulnerability in GNU Mailman, an open source mailing list manager.
GNU Mailman is vulnerable to a denial of service as a result of a vulnerability in the scrubber.py script. A remote attacker can send a specially crafted email containing excessively large date data to cause the mailing list to stop working.
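A defensive pre-delivery check for the condition described above, written as an added example; it is not code from Mailman or from the signature itself. It assumes the "date data" arrives in the message's `Date` header, and the length cap and year window are assumed policy values, not limits taken from the advisory.

```python
import calendar
from email import message_from_string
from email.utils import parsedate_tz

# Assumed policy values (not from the advisory): a well-formed RFC 5322
# date is about 31 characters, and list mail dated outside this window
# is treated as implausible.
MAX_DATE_HEADER_LEN = 64
MIN_YEAR, MAX_YEAR = 1970, 2100


def check_date_header(raw_message):
    """Return (ok, reason) for the Date header of a raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    values = msg.get_all("Date", [])
    if not values:
        return True, "no Date header"
    if len(values) > 1:
        return False, "multiple Date headers"
    value = values[0]
    # Check the length before parsing so an oversized value is never
    # handed to integer or time conversion.
    if len(value) > MAX_DATE_HEADER_LEN:
        return False, "Date header too long"
    parsed = parsedate_tz(value)
    if parsed is None:
        return False, "Date header unparseable"
    year, month, day, hour, minute, second = parsed[:6]
    if not MIN_YEAR <= year <= MAX_YEAR:
        return False, "year out of range"
    if not 1 <= month <= 12:
        return False, "month out of range"
    if not 1 <= day <= calendar.monthrange(year, month)[1]:
        return False, "day out of range"
    if not (0 <= hour <= 23 and 0 <= minute <= 59 and 0 <= second <= 60):
        return False, "time out of range"
    return True, "ok"


def _sample(date_value):
    # Constructed sample message for demonstration only.
    return ("From: poster@example.org\nTo: list@example.org\n"
            "Date: %s\nSubject: test\n\nbody\n" % date_value)


if __name__ == "__main__":
    for d in ("Mon, 12 Dec 2005 10:00:00 +0000",
              "Mon, 12 Dec 99999999 10:00:00 +0000",
              "9" * 500):
        print(check_date_header(_sample(d)))
```

Messages that fail the check can be held for moderation or rejected at the MTA before they reach the list's processing pipeline.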

Affected Products

GNU Mailman 2.1.5
GNU Mailman 2.1.4
GNU Mailman 2.1.3
GNU Mailman 2.1.2
GNU Mailman 2.1.1
GNU Mailman 2.1 b1
GNU Mailman 2.1
GNU Mailman 2.0.14
GNU Mailman 2.0.13
GNU Mailman 2.0.12
GNU Mailman 2.0.11
GNU Mailman 2.0.10
GNU Mailman 2.0.9
GNU Mailman 2.0.8
GNU Mailman 2.0.7
GNU Mailman 2.0.6
GNU Mailman 2.0.5
GNU Mailman 2.0.4
GNU Mailman 2.0.3
GNU Mailman 2.0.2
GNU Mailman 2.0.1
GNU Mailman 2.0 beta5
GNU Mailman 2.0 beta4
GNU Mailman 2.0 beta3
GNU Mailman 2.0 .8
GNU Mailman 2.0 .7
GNU Mailman 2.0 .6
GNU Mailman 2.0 .5
GNU Mailman 2.0 .3
GNU Mailman 2.0 .2
GNU Mailman 2.0 .1
GNU Mailman 2.0

Impact

Denial of Service.

Recommended Actions

GNU Mailman 2.0 beta3
GNU Mailman 2.0 beta4
GNU Mailman 2.0
GNU Mailman 2.0 .1
GNU Mailman 2.0 .7
GNU Mailman 2.0 .5
GNU Mailman 2.0 .3
GNU Mailman 2.0 .6
GNU Mailman 2.0 .2
GNU Mailman 2.0 beta5
GNU Mailman 2.0.1
GNU Mailman 2.0.10
GNU Mailman 2.0.11
GNU Mailman 2.0.12
GNU Mailman 2.0.13
GNU Mailman 2.0.14
GNU Mailman 2.0.2
GNU Mailman 2.0.3
GNU Mailman 2.0.4
GNU Mailman 2.0.5
GNU Mailman 2.0.6
GNU Mailman 2.0.7
GNU Mailman 2.0.8
GNU Mailman 2.0.9
GNU Mailman 2.1 b1
GNU Mailman 2.1
GNU Mailman 2.1.1
GNU Mailman 2.1.2
* GNU mailman-2.1.7.tgz
http://prdownloads.sourceforge.net/mailman/mailman-2.1.7.tgz?download
GNU Mailman 2.1.4
* Mandriva mailman-2.1.4-2.5.C30mdk.i586.rpm
Corporate 3.0:
http://www1.mandrivalinux.com/en/ftp.php3
* Mandriva mailman-2.1.4-2.5.C30mdk.x86_64.rpm
Corporate 3.0/X86_64:
http://www1.mandrivalinux.com/en/ftp.php3
GNU Mailman 2.1.5
* Debian mailman_2.1.5-8sarge1_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge1_alpha.deb
* Debian mailman_2.1.5-8sarge1_amd64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge1_amd64.deb
* Debian mailman_2.1.5-8sarge1_arm.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge1_arm.deb
* Debian mailman_2.1.5-8sarge1_hppa.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge1_hppa.deb
* Debian mailman_2.1.5-8sarge1_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge1_i386.deb
* Debian mailman_2.1.5-8sarge1_ia64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge1_ia64.deb
* Debian mailman_2.1.5-8sarge1_m68k.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge1_m68k.deb
* Debian mailman_2.1.5-8sarge1_mips.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge1_mips.deb
* Debian mailman_2.1.5-8sarge1_mipsel.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge1_mipsel.deb
* Debian mailman_2.1.5-8sarge1_powerpc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge1_powerpc.deb
* Debian mailman_2.1.5-8sarge1_s390.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge1_s390.deb
* Debian mailman_2.1.5-8sarge1_sparc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge1_sparc.deb
* Mandriva mailman-2.1.5-15.2.102mdk.i586.rpm
Mandriva Linux 10.2:
http://www1.mandrivalinux.com/en/ftp.php3
* Mandriva mailman-2.1.5-15.2.102mdk.x86_64.rpm
Mandriva Linux 10.2/X86_64:
http://www1.mandrivalinux.com/en/ftp.php3
* Mandriva mailman-2.1.5-7.5.101mdk.i586.rpm
Mandriva Linux 10.1:
http://www1.mandrivalinux.com/en/ftp.php3
* Mandriva mailman-2.1.5-7.5.101mdk.x86_64.rpm
Mandriva Linux 10.1/X86_64:
http://www1.mandrivalinux.com/en/ftp.php3
* Ubuntu mailman_2.1.5-1ubuntu2.2_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1ubuntu2.2_amd64.deb
* Ubuntu mailman_2.1.5-1ubuntu2.2_i386.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1ubuntu2.2_i386.deb
* Ubuntu mailman_2.1.5-1ubuntu2.2_powerpc.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1ubuntu2.2_powerpc.deb
* Ubuntu mailman_2.1.5-1ubuntu2.3_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1ubuntu2.3_amd64.deb
* Ubuntu mailman_2.1.5-1ubuntu2.3_i386.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1ubuntu2.3_i386.deb
* Ubuntu mailman_2.1.5-1ubuntu2.3_powerpc.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1ubuntu2.3_powerpc.deb
* Ubuntu mailman_2.1.5-1ubuntu2.4_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1ubuntu2.4_amd64.deb
* Ubuntu mailman_2.1.5-1ubuntu2.4_i386.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1ubuntu2.4_i386.deb
* Ubuntu mailman_2.1.5-1ubuntu2.4_powerpc.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1ubuntu2.4_powerpc.deb
* Ubuntu mailman_2.1.5-1ubuntu2.5_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1ubuntu2.5_amd64.deb
* Ubuntu mailman_2.1.5-1ubuntu2.5_i386.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1ubuntu2.5_i386.deb
* Ubuntu mailman_2.1.5-1ubuntu2.5_powerpc.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1ubuntu2.5_powerpc.deb
* Ubuntu mailman_2.1.5-7ubuntu0.1_amd64.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-7ubuntu0.1_amd64.deb
* Ubuntu mailman_2.1.5-7ubuntu0.1_i386.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-7ubuntu0.1_i386.deb
* Ubuntu mailman_2.1.5-7ubuntu0.1_powerpc.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-7ubuntu0.1_powerpc.deb
* Ubuntu mailman_2.1.5-8ubuntu2.1_amd64.deb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-8ubuntu2.1_amd64.deb
* Ubuntu mailman_2.1.5-8ubuntu2.1_i386.deb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-8ubuntu2.1_i386.deb
* Ubuntu mailman_2.1.5-8ubuntu2.1_powerpc.deb
Ubuntu 5.10 (Breezy Badger)
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-8ubuntu2.1_powerpc.deb

CVE References

CVE-2005-4153