Vulnerability Name:

CVE-2001-0290 (CCN-6500)

Assigned:2001-03-06
Published:2001-03-06
Updated:2008-09-05
Summary:Vulnerability in Mailman 2.0.1 and earlier allows list administrators to obtain user passwords.
CVSS v3 Severity:5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity:4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Obtain Information
References:Source: BUGTRAQ
Type: Vendor Advisory
20010306 [Mailman-Announce] ANNOUNCE Mailman 2.0.2 (important privacy patch)

Source: CCN
Type: BugTraq Mailing List, Tue Mar 06 2001 - 01:53:01 CST
[Mailman-Announce] ANNOUNCE Mailman 2.0.2 (important privacy patch)

Source: CCN
Type: Conectiva Linux Announcement CLSA-2001:420
mailman

Source: MITRE
Type: CNA
CVE-2001-0290

Source: CCN
Type: GNU Project Web site
Mailman

Source: CCN
Type: OSVDB ID: 6021
Mailman List Admin Can Obtain User Passwords

Source: XF
Type: UNKNOWN
mailman-obtain-passwords(6500)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:gnu:mailman:*:*:*:*:*:*:*:* (Version <= 2.0.2)

Configuration CCN 1:
  • cpe:/a:gnu:mailman:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:mailman:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:mailman:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:mailman:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:mailman:2.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:gnu:mailman:2.0:beta4:*:*:*:*:*:*
  • OR cpe:/a:gnu:mailman:2.0:beta5:*:*:*:*:*:*
  • AND
  • cpe:/o:conectiva:linux:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:4.1:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:4.2:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:5.1:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    gnu mailman *
    gnu mailman 1.0
    gnu mailman 1.1
    gnu mailman 2.0
    gnu mailman 2.0.1
    gnu mailman 2.0 beta3
    gnu mailman 2.0 beta4
    gnu mailman 2.0 beta5
    conectiva linux 6.0
    conectiva linux 4.1
    conectiva linux 4.2
    conectiva linux 5.0
    conectiva linux 5.1