CVE-2005-3573

Published: 16/11/2005 Updated: 11/10/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote malicious users to cause a denial of service (application crash).

Vulnerable Product

gnu mailman 2.0.10

gnu mailman 2.0.11

gnu mailman 2.0.6

gnu mailman 2.0.7

gnu mailman 2.1.1

gnu mailman 2.1.2

gnu mailman 2.0.14

gnu mailman 2.0.2

gnu mailman 2.0.3

gnu mailman 2.0

gnu mailman 2.1.5

gnu mailman 2.1.5.8

gnu mailman 2.0.12

gnu mailman 2.0.13

gnu mailman 2.0.8

gnu mailman 2.0.9

gnu mailman 2.1.3

gnu mailman 2.1.4

gnu mailman 2.0.1

gnu mailman 2.0.4

gnu mailman 2.0.5

gnu mailman 2.1

Vendor Advisories

Aliet Santiesteban Sifontes discovered a remote Denial of Service vulnerability in the attachment handler. An email with an attachment whose filename contained invalid UTF-8 characters caused mailman to crash (CVE-2005-3573) ...
Debian Bug report logs - #599833: CVE-2010-3089. Package: mailman; Maintainer for mailman is Mailman for Debian <pkg-mailman-hackers@lists.alioth.debian.org>; Source for mailman is src:mailman (PTS, buildd, popcon). Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Mon, 11 Oct 2010 17:54:12 UTC; Severity: grave; Tag ...
Debian Bug report logs - #327732: Messages with invalid filenames don't get archived. Package: mailman; Maintainer for mailman is Mailman for Debian <pkg-mailman-hackers@lists.alioth.debian.org>; Source for mailman is src:mailman (PTS, buildd, popcon). Reported by: Aliet Santiesteban Sifontes <aliet@tesla.cujae.edu.cu> ...
Two denial of service bugs were found in the mailman list server. In one, attachment filenames containing UTF8 strings were not properly parsed, which could cause the server to crash. In another, a message containing a bad date string could cause a server crash. The old stable distribution (woody) is not vulnerable to this issue. For the stable dis ...