PT-2006-5409 · Gnu+1 · Mailman+1

Moritz Naumann · Published 2006-09-07 · Updated 2018-10-17 · CVE-2006-4624

CVSS v2.0: 2.6 (Low)
Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Mailman versions prior to 2.1.9rc1

Description
The issue is a CRLF injection vulnerability in the Utils.py file. A remote attacker can inject CRLF sequences into the URI, and because the URI is written to the error log unescaped, the injected line breaks let the attacker spoof entries in that log. An attacker may use this to trick administrators who read the log into visiting malicious URLs.

Recommendations
For versions prior to 2.1.9rc1, update to version 2.1.9rc1 or later to resolve the issue. As a temporary workaround, consider restricting access to the error log to minimize the risk of exploitation. Avoid using URLs with CRLF sequences in the affected Mailman version until the issue is resolved.
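The core of the fix for this class of bug is to never let a line terminator reach the log. The following is an added example, not Mailman's own Utils.py code: a small sanitizer that escapes control characters in a logged URI, shown next to the unescaped form so the difference in line count is visible. The function names, log format and the sample URI are constructed for illustration.

```python
"""Added example (not Mailman's code): neutralise CR/LF in a URI before it is
written to an error log, so a request line cannot forge a second log entry.
The log format and the sample URI below are constructed for illustration."""
import re

# Every ASCII control character (CR 0x0D and LF 0x0A included) is replaced by
# its escaped form, so the logged value can never contain a line terminator.
_CONTROL = re.compile(r'[\x00-\x1f\x7f]')


def sanitize_for_log(value: str) -> str:
    """Return value with control characters rewritten as \\xNN escapes."""
    return _CONTROL.sub(lambda m: '\\x%02x' % ord(m.group(0)), value)


def format_error_entry(uri: str, message: str, safe: bool = True) -> str:
    """Build one error-log entry (constructed format).

    With safe=False the raw URI is interpolated, which reproduces the class of
    problem described above; with safe=True (the default) it is sanitized first.
    """
    shown = sanitize_for_log(uri) if safe else uri
    return 'error: %s (uri=%s)' % (message, shown)


def count_log_lines(entry: str) -> int:
    """Number of lines an administrator's log viewer would show for one entry."""
    return len(entry.splitlines())


# Constructed request URI with an embedded CRLF followed by text that would
# otherwise appear as a separate, attacker-chosen log line.
TAINTED_URI = '/mailman/listinfo\r\nadmin notice: please visit http://example.invalid/'

if __name__ == '__main__':
    # Unescaped: the single entry renders as two lines in the log.
    print(repr(format_error_entry(TAINTED_URI, 'no such list', safe=False)))
    # Escaped: the entry stays on one line and the CRLF is visible as \x0d\x0a.
    print(repr(format_error_entry(TAINTED_URI, 'no such list')))
```

Escaping rather than stripping keeps the evidence of the attempt in the log, which is what an analyst reviewing the error log wants to see. The same treatment should be applied to any other request-derived field that ends up in a line-oriented log, not only the URI.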

Fix

Code Injection


Weakness Enumeration

Related Identifiers

CVE-2006-4624
DSA-1188-1
RHSA-2007:0779
RHSA-2007_0779

Affected Products

Mailman
Red Hat