Vulnerability Description
CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI.
CVSS Score
2.6
LOW
AV:N/AC:H/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Mailman | <= 2.1.8 |
Related Weaknesses (CWE)
References
- http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html
- http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt
- http://secunia.com/advisories/21732PatchVendor Advisory
- http://secunia.com/advisories/22011Vendor Advisory
- http://secunia.com/advisories/22020Vendor Advisory
- http://secunia.com/advisories/22227Vendor Advisory
- http://secunia.com/advisories/22639Vendor Advisory
- http://secunia.com/advisories/27669Vendor Advisory
- http://security.gentoo.org/glsa/glsa-200609-12.xml
- http://sourceforge.net/project/shownotes.php?group_id=103&release_id=444295Patch
- http://svn.sourceforge.net/viewvc/mailman/trunk/mailman/Mailman/Utils.py?r1=7859
- http://www.debian.org/security/2006/dsa-1188
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:165
- http://www.novell.com/linux/security/advisories/2006_25_sr.html
- http://www.redhat.com/support/errata/RHSA-2007-0779.html
FAQ
What is CVE-2006-4624?
CVE-2006-4624 is a vulnerability with a CVSS score of 2.6 (LOW). CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRL...
How severe is CVE-2006-4624?
CVE-2006-4624 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-4624?
Check the references section above for vendor advisories and patch information. Affected products include: Gnu Mailman.