[Mailman-Users] any info on this reported exploit?
Diana Orrick
orrick at acns.fsu.edu
Thu Jan 26 19:05:53 CET 2006
http://www.securityfocus.com/bid/16248/discuss
GNU Mailman Large Date Data Denial Of Service Vulnerability
GNU Mailman is prone to a denial of service attack. This issue affects the
email date parsing functionality of Mailman.
The vulnerability could be triggered by mailing list posts and will impact
the availability of mailing lists hosted by the application.
______________________________________________________________________
This notice was from SANS at RISK:
06.3.18 CVE: CVE-2005-4153
Platform: Unix
Title: GNU Mailman Large Date Data Denial of Service
Description: Mailman is software to help manage email discussion
lists, much like Majordomo and SmartList. The application is exposed
to a denial of service issue when it attempts to parse very large
numbers of dates contained in email messages. All current versions are
affected.
Ref: http://www.securityfocus.com/bid/16248
______________________________________________________________________
--------------------------------------------------------------
We are running Mailman 2.1.5 and have just found extraordinary
IO wait issues requiring shutdown|restart of Mailman.
The notice suggests all versions are vulnerable; is this the case?
If so, suggested workaround? Patch/upgrade coming?
Thanks for any info on this issue,
-DMO
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Diana Mayer Orrick email: orrick at ucs.fsu.edu
University Computing Services ph: (850) 644-2591
Florida State University fax: (850) 644-8722
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~