GNU.Mailman.Scrubber.UTF-8.Filename.DoS
Description
This indicates an attack attempt to exploit a denial-of-service vulnerability in GNU Mailman.
The vulnerability is caused by an error when the scrubber.py script handles an attachment with a malicious filename. It allows a remote attacker to crash the application via sending a crafted SMTP attachment.
Affected Products
GNU Mailman 2.1.5
GNU Mailman 2.1.4
GNU Mailman 2.1.3
GNU Mailman 2.1.2
GNU Mailman 2.1.1
GNU Mailman 2.1 b1
GNU Mailman 2.1
GNU Mailman 2.0.14
GNU Mailman 2.0.13
GNU Mailman 2.0.12
GNU Mailman 2.0.11
GNU Mailman 2.0.10
GNU Mailman 2.0.9
GNU Mailman 2.0.8
Impact
Denial of Service: Remote attackers can crash vulnerable systems.
Recommended Actions
Refer to the vendor's web site for the suggested workaround:
http://www.gnu.org/software/mailman/
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2021-01-11 | 16.995 |