CVE-2006-4624 Information

Description

CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI.

Reference

http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt http://secunia.com/advisories/21732 http://secunia.com/advisories/22011 http://secunia.com/advisories/22020 http://secunia.com/advisories/22227 http://secunia.com/advisories/22639 http://secunia.com/advisories/27669 http://security.gentoo.org/glsa/glsa-200609-12.xml http://sourceforge.net/project/shownotes.php?group_id=103&release_id=444295 http://svn.sourceforge.net/viewvc/mailman/trunk/mailman/Mailman/Utils.py?r1=7859&r2=7923 http://www.debian.org/security/2006/dsa-1188 http://www.mandriva.com/security/advisories?name=MDKSA-2006:165 http://www.novell.com/linux/security/advisories/2006_25_sr.html http://www.redhat.com/support/errata/RHSA-2007-0779.html http://www.securityfocus.com/archive/1/445992/100/0/threaded http://www.securityfocus.com/bid/19831 http://www.securityfocus.com/bid/20021 http://www.vupen.com/english/advisories/2006/3446 https://exchange.xforce.ibmcloud.com/vulnerabilities/28734 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A9756