ByteOS Network

NVD Vulnerability Details :

CVE-2006-4624

Deferred

Source-cve@mitre.org

Published At-07 Sep, 2006 | 19:04

Updated At-03 Apr, 2025 | 01:03

CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	2.6	LOW	AV:N/AC:H/Au:N/C:N/I:P/A:N

Type: Primary

Version: 2.0

Base score: 2.6

Base severity: LOW

Vector:

AV:N/AC:H/Au:N/C:N/I:P/A:N

CPE Matches

GNU

>>mailman>>Versions up to 2.1.8(inclusive)

cpe:2.3:a:gnu:mailman:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-94	Primary	nvd@nist.gov

CWE ID: CWE-94

Type: Primary

Source: nvd@nist.gov

Vendor Statements

Organization : Red Hat

Last Modified : 2007-09-05T00:00:00

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=205651 The Red Hat Security Response Team has rated this issue as having low security impact and expects to release a future update to address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 and 3 which are in maintenance mode. This bug will be addressed in a future update of Red Hat Enterprise Linux 4.

References

Hyperlink	Source	Resource
http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html	cve@mitre.org	N/A
http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt	cve@mitre.org	N/A
http://secunia.com/advisories/21732	cve@mitre.org	Patch Vendor Advisory
http://secunia.com/advisories/22011	cve@mitre.org	Vendor Advisory
http://secunia.com/advisories/22020	cve@mitre.org	Vendor Advisory
http://secunia.com/advisories/22227	cve@mitre.org	Vendor Advisory
http://secunia.com/advisories/22639	cve@mitre.org	Vendor Advisory
http://secunia.com/advisories/27669	cve@mitre.org	Vendor Advisory
http://security.gentoo.org/glsa/glsa-200609-12.xml	cve@mitre.org	N/A
http://sourceforge.net/project/shownotes.php?group_id=103&release_id=444295	cve@mitre.org	Patch
http://svn.sourceforge.net/viewvc/mailman/trunk/mailman/Mailman/Utils.py?r1=7859&r2=7923	cve@mitre.org	N/A
http://www.debian.org/security/2006/dsa-1188	cve@mitre.org	N/A
http://www.mandriva.com/security/advisories?name=MDKSA-2006:165	cve@mitre.org	N/A
http://www.novell.com/linux/security/advisories/2006_25_sr.html	cve@mitre.org	N/A
http://www.redhat.com/support/errata/RHSA-2007-0779.html	cve@mitre.org	N/A
http://www.securityfocus.com/archive/1/445992/100/0/threaded	cve@mitre.org	N/A
http://www.securityfocus.com/bid/19831	cve@mitre.org	N/A
http://www.securityfocus.com/bid/20021	cve@mitre.org	N/A
http://www.vupen.com/english/advisories/2006/3446	cve@mitre.org	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/28734	cve@mitre.org	N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9756	cve@mitre.org	N/A
http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/21732	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory
http://secunia.com/advisories/22011	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://secunia.com/advisories/22020	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://secunia.com/advisories/22227	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://secunia.com/advisories/22639	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://secunia.com/advisories/27669	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://security.gentoo.org/glsa/glsa-200609-12.xml	af854a3a-2127-422b-91ae-364da2661108	N/A
http://sourceforge.net/project/shownotes.php?group_id=103&release_id=444295	af854a3a-2127-422b-91ae-364da2661108	Patch
http://svn.sourceforge.net/viewvc/mailman/trunk/mailman/Mailman/Utils.py?r1=7859&r2=7923	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.debian.org/security/2006/dsa-1188	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.mandriva.com/security/advisories?name=MDKSA-2006:165	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.novell.com/linux/security/advisories/2006_25_sr.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.redhat.com/support/errata/RHSA-2007-0779.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/archive/1/445992/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/bid/19831	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/bid/20021	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.vupen.com/english/advisories/2006/3446	af854a3a-2127-422b-91ae-364da2661108	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/28734	af854a3a-2127-422b-91ae-364da2661108	N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9756	af854a3a-2127-422b-91ae-364da2661108	N/A

Hyperlink: http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://secunia.com/advisories/21732

Source: cve@mitre.org

Resource:

Patch

Vendor Advisory

Hyperlink: http://secunia.com/advisories/22011

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: http://secunia.com/advisories/22020

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: http://secunia.com/advisories/22227

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: http://secunia.com/advisories/22639

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: http://secunia.com/advisories/27669

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: http://security.gentoo.org/glsa/glsa-200609-12.xml

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://sourceforge.net/project/shownotes.php?group_id=103&release_id=444295

Source: cve@mitre.org

Resource:

Patch

Hyperlink: http://svn.sourceforge.net/viewvc/mailman/trunk/mailman/Mailman/Utils.py?r1=7859&r2=7923

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.debian.org/security/2006/dsa-1188

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2006:165

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.novell.com/linux/security/advisories/2006_25_sr.html

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.redhat.com/support/errata/RHSA-2007-0779.html

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.securityfocus.com/archive/1/445992/100/0/threaded

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.securityfocus.com/bid/19831

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.securityfocus.com/bid/20021

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.vupen.com/english/advisories/2006/3446

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/28734

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9756

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html