GNU.Mailman.Scrubber.UTF-8.Filename.DoS

description-logoDescription

This indicates an attack attempt to exploit a denial-of-service vulnerability in GNU Mailman.
The vulnerability is caused by an error when the scrubber.py script handles an attachment with a malicious filename. It allows a remote attacker to crash the application via sending a crafted SMTP attachment.

affected-products-logoAffected Products

GNU Mailman 2.1.5
GNU Mailman 2.1.4
GNU Mailman 2.1.3
GNU Mailman 2.1.2
GNU Mailman 2.1.1
GNU Mailman 2.1 b1
GNU Mailman 2.1
GNU Mailman 2.0.14
GNU Mailman 2.0.13
GNU Mailman 2.0.12
GNU Mailman 2.0.11
GNU Mailman 2.0.10
GNU Mailman 2.0.9
GNU Mailman 2.0.8

Impact logoImpact

Denial of Service: Remote attackers can crash vulnerable systems.

recomended-action-logoRecommended Actions

Refer to the vendor's web site for the suggested workaround:
http://www.gnu.org/software/mailman/

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2021-01-11 16.995