http://www.securityfocus.com/bid/16248/discuss

GNU Mailman Large Date Data Denial Of Service Vulnerability

GNU Mailman is prone to a denial of service attack. This issue affects the
email date parsing functionality of Mailman.

The vulnerability could be triggered by mailing list posts and will impact
the availability of mailing lists hosted by the application.
______________________________________________________________________
This notice was from [EMAIL PROTECTED]:

06.3.18 CVE: CVE-2005-4153
Platform: Unix
Title: GNU Mailman Large Date Data Denial of Service
Description: Mailman is software to help manage email discussion
lists, much like Majordomo and SmartList. The application is exposed
to a denial of service issue when it attempts to parse very large
numbers of dates contained in email messages. All current versions are
affected.
Ref: http://www.securityfocus.com/bid/16248
______________________________________________________________________

--------------------------------------------------------------
We are running Mailman 2.1.5 and have just found extraordinary
IO wait issues requiring shutdown|restart of Mailman.

The notice suggests all versions are vulnerable; is this the case?
If so, suggested workaround? Patch/upgrade coming?

Thanks for any info on this issue,
-DMO

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Diana Mayer Orrick              email: [EMAIL PROTECTED]
 University Computing Services          ph: (850) 644-2591
 Florida State University              fax: (850) 644-8722
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
------------------------------------------------------
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: 
http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
