Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2005-3573

Disclosure Date: November 16, 2005
CVE-2005-3573
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash).

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • gnu

Products

  • mailman 2.0,
  • mailman 2.0.1,
  • mailman 2.0.10,
  • mailman 2.0.11,
  • mailman 2.0.12,
  • mailman 2.0.13,
  • mailman 2.0.14,
  • mailman 2.0.2,
  • mailman 2.0.3,
  • mailman 2.0.4,
  • mailman 2.0.5,
  • mailman 2.0.6,
  • mailman 2.0.7,
  • mailman 2.0.8,
  • mailman 2.0.9,
  • mailman 2.1,
  • mailman 2.1.1,
  • mailman 2.1.2,
  • mailman 2.1.3,
  • mailman 2.1.4,
  • mailman 2.1.5,
  • mailman 2.1.5.8

References

Canonical
CVE-2005-3573 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3573)
BID-15408 (http://www.securityfocus.com/bid/15408)
Advisory
SECUNIA-19167 (http://secunia.com/advisories/19167)
USN-242-1 (http://www.ubuntu.com/usn/usn-242-1)
SECUNIA-18503 (http://secunia.com/advisories/18503)
ADV-2005-2404 (http://www.vupen.com/english/advisories/2005/2404)
http://www.redhat.com/support/errata/RHSA-2006-0204.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10038
OSVDB-20819 (http://www.osvdb.org/20819)
XF-mailman-utf8-scrubber-dos(23139) (https://exchange.xforce.ibmcloud.com/vulnerabilities/23139)
SECUNIA-18456 (http://secunia.com/advisories/18456)
SECTRACK-1015735 (http://securitytracker.com/id?1015735)
http://lists.suse.com/archive/suse-security-announce/2006-Jan/0003.html
SECUNIA-17874 (http://secunia.com/advisories/17874)
SECUNIA-19532 (http://secunia.com/advisories/19532)
http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:222
SECUNIA-18612 (http://secunia.com/advisories/18612)
SECUNIA-17511 (http://secunia.com/advisories/17511)
[Mailman-Users] 20050912 Uncaught runner exception: 'utf8' codeccan'tdecode bytes in position 1-4: invalid data (http://mail.python.org/pipermail/mailman-users/2005-September/046523.html)
SECUNIA-19196 (http://secunia.com/advisories/19196)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=327732
DSA-955 (http://www.debian.org/security/2006/dsa-955)
Miscellaneous
2006-0012 (http://www.trustix.org/errata/2006/0012)

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis