Vulnerability Name:

CVE-2005-4153 (CCN-29193)

Assigned:2005-09-01
Published:2005-09-01
Updated:2017-10-11
Summary:Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to "fail with an Overflow on bad date data in a processed message," a different vulnerability than CVE-2005-3573.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
5.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: SGI
Type: UNKNOWN
20060401-01-U

Source: MITRE
Type: CNA
CVE-2005-4153

Source: CCN
Type: RHSA-2006-0204
mailman security update

Source: CCN
Type: SA18449
Mailman Dates Denial of Service Vulnerability

Source: SECUNIA
Type: Vendor Advisory
18449

Source: SECUNIA
Type: Vendor Advisory
18456

Source: SECUNIA
Type: Vendor Advisory
18612

Source: SECUNIA
Type: Vendor Advisory
19167

Source: SECUNIA
Type: Vendor Advisory
19196

Source: SECUNIA
Type: Vendor Advisory
19532

Source: CCN
Type: ASA-2006-066
mailman security update (RHSA-2006-0204)

Source: DEBIAN
Type: UNKNOWN
DSA-955

Source: DEBIAN
Type: DSA-955
mailman -- DoS

Source: OSVDB
Type: UNKNOWN
21723

Source: CCN
Type: OSVDB ID: 21723
Mailman Message Processing Date Field Overflow

Source: REDHAT
Type: UNKNOWN
RHSA-2006:0204

Source: BID
Type: UNKNOWN
16248

Source: CCN
Type: BID-16248
GNU Mailman Large Date Data Denial Of Service Vulnerability

Source: TRUSTIX
Type: UNKNOWN
2006-0012

Source: CCN
Type: USN-242-1
mailman vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-242-1

Source: MANDRIVA
Type: Patch, Vendor Advisory
MDKSA-2005:222

Source: XF
Type: UNKNOWN
mailman-utf8-scrubber-dos(23139)

Source: XF
Type: UNKNOWN
mailman-date-dos(29193)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10660

Vulnerable Configuration:Configuration 1:
  • cpe:/a:gnu:mailman:2.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:mailman:2.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:mailman:2.1.6:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:gnu:mailman:2.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:mailman:2.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:mailman:2.1.5.8:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:mailman:2.1.6:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:10660
    V
    		Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to "fail with an Overflow on bad date data in a processed message," a different vulnerability than CVE-2005-3573.
    2013-04-29
    oval:com.redhat.rhsa:def:20060204
    P
    		RHSA-2006:0204: mailman security update (Moderate)
    2008-03-20
    oval:org.debian:def:955
    V
    		DoS
    2006-01-25
    BACK
    gnu mailman 2.1.4
    gnu mailman 2.1.5
    gnu mailman 2.1.6
    gnu mailman 2.1.5
    gnu mailman 2.1.4
    gnu mailman 2.1.5.8
    gnu mailman 2.1.6
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    mandrakesoft mandrake linux 10.1
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    debian debian linux 3.1
    mandrakesoft mandrake linux 2006
    mandrakesoft mandrake linux 10.1
    mandrakesoft mandrake linux 2006
    mandrakesoft mandrake linux corporate server 3.0