SB2021052038 - Red Hat Enterprise Linux 8 update for the mailman:2.1 module 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2021052038

SB2021052038 - Red Hat Enterprise Linux 8 update for the mailman:2.1 module

Published: May 20, 2021

Security Bulletin ID SB2021052038
Severity
Medium
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 50% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Spoofing attack (CVE-ID: CVE-2020-12108)

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data when processing email addresses. A remote attacker can create a specially crafted email and spoof content of email message.


2) Code Injection (CVE-ID: CVE-2020-15011)

The vulnerability allows a remote attacker to inject arbitrary content.

The vulnerability exists due to improper input validation within the Cgi/private.py private archive login page.  A remote attacker can send a specially crafted request and inject arbitrary content.

Successful exploitation of the vulnerability requires that the roster visibility (private_roster) setting is 'Anyone'.


Remediation

Install update from vendor's website.

References