SB2020050628 - Spoofing attack in GNU Mailman
Published: May 6, 2020 Updated: June 5, 2020
Security Bulletin ID
SB2020050628
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Spoofing attack (CVE-ID: CVE-2020-12108)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data when processing email addresses. A remote attacker can create a specially crafted email and spoof content of email message.
Remediation
Install update from vendor's website.
References
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00036.html
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00003.html
- https://bugs.launchpad.net/mailman/+bug/1873722
- https://code.launchpad.net/mailman
- https://lists.debian.org/debian-lts-announce/2020/05/msg00007.html
- https://mail.python.org/pipermail/mailman-announce/
- https://usn.ubuntu.com/4354-1/