Vulnerability Description
Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash).
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Mailman | 2.0 |
References
- ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=327732
- http://lists.suse.com/archive/suse-security-announce/2006-Jan/0003.html
- http://mail.python.org/pipermail/mailman-users/2005-September/046523.html
- http://secunia.com/advisories/17511Vendor Advisory
- http://secunia.com/advisories/17874
- http://secunia.com/advisories/18456
- http://secunia.com/advisories/18503
- http://secunia.com/advisories/18612
- http://secunia.com/advisories/19167
- http://secunia.com/advisories/19196
- http://secunia.com/advisories/19532
- http://securitytracker.com/id?1015735
- http://www.debian.org/security/2006/dsa-955
- http://www.osvdb.org/20819
FAQ
What is CVE-2005-3573?
CVE-2005-3573 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash).
How severe is CVE-2005-3573?
CVE-2005-3573 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-3573?
Check the references section above for vendor advisories and patch information. Affected products include: Gnu Mailman.