Debian Security Advisory DSA 720-1 (smartlist) Network Vulnerability

Summary

The remote host is missing an update to smartlist announced via advisory DSA 720-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20720-1

Insight

Jeroen van Wolffelaar noticed that the confirm add-on of SmartList, the listmanager used on lists.debian.org, which is used on that host as well, could be tricked to subscribe arbitrary addresses to the lists. For the stable distribution (woody) this problem has been fixed in version 3.15-5.woody.1. For the unstable distribution (sid) this problem has been fixed in version 3.15-18. We recommend that you upgrade your smartlist package.

Severity

Classification

CVE CVE-2005-0157
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 014-1 (splitvt)
Debian Security Advisory DSA 107-1 (jgroff)
Debian Security Advisory DSA 033-1 (analog)
Debian Security Advisory DSA 044-1 (mailx)
Debian Security Advisory DSA 1070-1 (kernel-source-2.4.19,kernel-image-sparc-2.4,kernel-patch-2.4.19-mips)

Take action and discover your vulnerabilities