Debian GNU/Linux 2.1 Advisory: Mailman Cookie Access Severity Critical
debian
December 13, 1999
We have become aware that the version mailman as supplied in Debian
GNU/Linux 2.1 has a problem with verifying list administrators
Summary
We have become aware that the version mailman as supplied in Debian
GNU/Linux 2.1 has a problem with verifying list administrators. The
problem is that the cookie value generation used was predictable, so
using forged authentication cookies it was possible to access the
list administration webpages without knowing the proper password.
More information about this vulnerability can be found at
June/001128.html
This has been fixed in version 1.0rc2-5.
We recommend you upgrade your mailman package immediately.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
Debian GNU/Linux 2.1 alias slink
This version of Debian was released only for Intel, the Motorola
680x0, the alpha and the Sun sparc architecture.
Source archives:
source/mailman_1.0rc2-5.diff.gz
MD5 checksum: 096d96ebf89341b148d2ae917037559a
source/mailman_1.0rc2-5.dsc
MD5 checksum: a407c72b6d80163b04ddc5fb895b8fbd
es/binary-source/mailman_1.0rc2.orig.tar.gz
...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!