
Bug 199306

Summary: net-mail/mailman - CRLF injection vulnerability in Utils.py (CVE-2006-4624)
Product: Gentoo Security
Reporter: Heath Caldwell (RETIRED) <hncaldwell>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE
Severity: trivial
CC: henson
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4624
Whiteboard:
Package list:
Runtime testing required: ---

Description Heath Caldwell (RETIRED) gentoo-dev 2007-11-15 22:37:04 UTC
From CVE-2006-4624 description:

CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via carriage return/line feed sequences in the URI.

Reproducible: Always

Steps to Reproduce:

Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2007-11-16 09:25:31 UTC
2.1.9rc1 went stable more than a year ago.

*** This bug has been marked as a duplicate of bug 139976 ***