exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2021-42097

Status Candidate

Overview

GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover).

Related Files

Red Hat Security Advisory 2021-4913-04
Posted Dec 3, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4913-04 - Mailman is a program used to help manage e-mail discussion lists. Issues addressed include bypass and cross site request forgery vulnerabilities.

tags | advisory, vulnerability, csrf
systems | linux, redhat
advisories | CVE-2016-6893, CVE-2021-42097, CVE-2021-44227
SHA-256 | c0b2367bca6b9519cbf4eef54ab3a7cc8eece40d1140a7de1f14b7331fe671bd
Red Hat Security Advisory 2021-4837-02
Posted Nov 24, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4837-02 - Mailman is a program used to help manage e-mail discussion lists. Issues addressed include bypass and cross site request forgery vulnerabilities.

tags | advisory, vulnerability, csrf
systems | linux, redhat
advisories | CVE-2021-42096, CVE-2021-42097
SHA-256 | da322af9925df9b13306362953effa81984e67c2c5736ed7a6d7a42016b35732
Red Hat Security Advisory 2021-4838-02
Posted Nov 24, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4838-02 - Mailman is a program used to help manage e-mail discussion lists. Issues addressed include bypass and cross site request forgery vulnerabilities.

tags | advisory, vulnerability, csrf
systems | linux, redhat
advisories | CVE-2021-42096, CVE-2021-42097
SHA-256 | bb526170f9703a69821a3db3f612496e679220fb515ad16625d199b42964ede6
Red Hat Security Advisory 2021-4839-02
Posted Nov 24, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4839-02 - Mailman is a program used to help manage e-mail discussion lists. Issues addressed include bypass and cross site request forgery vulnerabilities.

tags | advisory, vulnerability, csrf
systems | linux, redhat
advisories | CVE-2021-42096, CVE-2021-42097
SHA-256 | fc6755eec5257a10ac71b7c64432cfb6808ffcb94fa7916e3ef8d310485c4506
Red Hat Security Advisory 2021-4826-02
Posted Nov 24, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4826-02 - Mailman is a program used to help manage e-mail discussion lists. Issues addressed include bypass and cross site request forgery vulnerabilities.

tags | advisory, vulnerability, csrf
systems | linux, redhat
advisories | CVE-2021-42096, CVE-2021-42097
SHA-256 | 01c9eca9735075e3086e61c04041b4419b8bdee0646991eed6726a30d52e8583
Ubuntu Security Notice USN-5121-2
Posted Nov 2, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5121-2 - USN-5009-1 fixed vulnerabilities in Mailman. This update provides the corresponding updates for Ubuntu 20.04 LTS. It was discovered that Mailman allows arbitrary content injection. An attacker could use this to inject malicious content. It was discovered that Mailman improperly sanitize the MIME content. An attacker could obtain sensitive information by sending a special type of attachment.

tags | advisory, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-12108, CVE-2020-12137, CVE-2021-42096, CVE-2021-42097
SHA-256 | 3e1981a243b75d6cb9eb3b871c11554d027734dba3c108e22426fdec3c295c82
Debian Security Advisory 4991-1
Posted Oct 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4991-1 - Several vulnerabilities were discovered in mailman, a web-based mailing list manager, which could result in arbitrary content injection via the options and private archive login pages, and CSRF attacks or privilege escalation via the user options page.

tags | advisory, web, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2020-12108, CVE-2020-15011, CVE-2021-42096, CVE-2021-42097
SHA-256 | 954d8b9822764173dd884577e87a44ad7f9a8af40f4ebc025e3d191931336710
Ubuntu Security Notice USN-5121-1
Posted Oct 22, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5121-1 - Andre Protas, Richard Cloke, and Andy Nuttall discovered that Mailman did not properly associate cross-site request forgery tokens to specific accounts. A remote attacker could use this to perform a CSRF attack to gain access to another account. Andre Protas, Richard Cloke, and Andy Nuttall discovered that Mailman's cross-site request forgery tokens for the options page are derived from the admin password. A remote attacker could possibly use this to assist in performing a brute force attack against the admin password. Various other issues were also addressed.

tags | advisory, remote, csrf
systems | linux, ubuntu
advisories | CVE-2021-42096, CVE-2021-42097
SHA-256 | 31b5089934b776c5932880b406f38f121f36e74f6461c25588737e5f22c7ff0f
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close