Description
The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly cleanse untrusted format strings, which allows local users to gain privileges.
Affected products
- conectiva / linux4.2 – 4.2
- conectiva / linux4.1 – 4.1
- conectiva / linux5.0 – 5.0
- conectiva / linux5.1 – 5.1
- gnu / Mailman2.0 – 2.0
- gnu / Mailman2.0 – 2.0
- RedHat / linux
References
- MISChttp://www.securityfocus.com/archive/1/73220
- MISChttp://www.redhat.com/support/errata/RHSA-2000-030.html
- MISChttp://archives.neohapsis.com/archives/bugtraq/2000-07/0479.html
- MISChttp://archives.neohapsis.com/archives/bugtraq/2000-07/0474.html
- MISChttp://www.securityfocus.com/bid/1539
- MISChttp://www.securityfocus.com/templates/archive.pike?list=1&msg=20000802105050.A11733%40rak.isternet.sk