Intrusion Prevention

GNU.Mailman.Scrubber.UTF-8.Filename.DoS

Description

This indicates an attempt to exploit a denial-of-service vulnerability in GNU Mailman.
The vulnerability is caused by an error in how the scrubber.py script handles an attachment with a malicious filename. A remote attacker can crash the application by sending a crafted SMTP attachment.
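
A pre-delivery check for the condition described above, as an added example that is neither this signature's logic nor Mailman's own code. It assumes, from the signature name, that the trigger is a non-ASCII (UTF-8) attachment filename; `non_ascii_attachment_names`, `should_hold` and the sample messages are constructed for illustration.

```python
import email
from email import policy

# Versions listed under "Affected Products" on this page.
AFFECTED = {"2.1.5", "2.1.4", "2.1.3", "2.1.2", "2.1.1", "2.1 b1", "2.1",
            "2.0.14", "2.0.13", "2.0.12", "2.0.11", "2.0.10", "2.0.9", "2.0.8"}

# Constructed sample message (not captured traffic); {param} is the filename parameter.
TEMPLATE = (
    "From: sender@example.org\r\n"
    "To: list@example.org\r\n"
    "Subject: constructed sample\r\n"
    "MIME-Version: 1.0\r\n"
    'Content-Type: multipart/mixed; boundary="b1"\r\n'
    "\r\n"
    "--b1\r\n"
    "Content-Type: text/plain; charset=us-ascii\r\n"
    "\r\n"
    "body\r\n"
    "--b1\r\n"
    "Content-Type: application/octet-stream\r\n"
    "Content-Disposition: attachment; {param}\r\n"
    "\r\n"
    "data\r\n"
    "--b1--\r\n"
)
BENIGN = TEMPLATE.format(param='filename="report.txt"').encode("ascii")
# RFC 2231 extended parameter carrying a UTF-8 filename.
SUSPECT = TEMPLATE.format(param="filename*=UTF-8''r%C3%A9sum%C3%A9.txt").encode("ascii")


def non_ascii_attachment_names(raw):
    """Return decoded attachment filenames that contain non-ASCII characters."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()  # Content-Disposition filename, else Content-Type name
        if name and not name.isascii():
            hits.append(name)
    return hits


def should_hold(mailman_version, raw):
    """Hold a message for review only when the list server runs a listed version."""
    return mailman_version in AFFECTED and bool(non_ascii_attachment_names(raw))


if __name__ == "__main__":
    for label, raw in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, non_ascii_attachment_names(raw), should_hold("2.1.5", raw))
```

Non-ASCII filenames are common in legitimate mail, so a hit is a reason to hold a message in front of a listed version, not evidence of an attack by itself.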

Affected Products

GNU Mailman 2.1.5
GNU Mailman 2.1.4
GNU Mailman 2.1.3
GNU Mailman 2.1.2
GNU Mailman 2.1.1
GNU Mailman 2.1 b1
GNU Mailman 2.1
GNU Mailman 2.0.14
GNU Mailman 2.0.13
GNU Mailman 2.0.12
GNU Mailman 2.0.11
GNU Mailman 2.0.10
GNU Mailman 2.0.9
GNU Mailman 2.0.8

Impact

Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Refer to the vendor's web site for the suggested workaround:
http://www.gnu.org/software/mailman/

CVE References

CVE-2005-3573