CVE-2005-0157

Name of the Vulnerable Software and Affected Versions SmartList versions 3.15 and earlier

Description The issue allows attackers to subscribe arbitrary e-mail addresses by using a valid cookie that specifies an address other than the address for which the cookie was assigned. Multiple vulnerabilities in the SmartList package of the Debian GNU/Linux operating system can be exploited remotely, potentially leading to breaches of confidentiality, integrity, and availability of protected information.

Recommendations For SmartList versions 3.15 and earlier, consider disabling the confirm add-on functionality until a patch is available to prevent attackers from subscribing arbitrary e-mail addresses. At the moment, there is no information about a newer version that contains a fix for this vulnerability.