Red Hat recommends updating the Mailman package included in several versions of its Linux operating system to correct...
vulnerabilities that could allow remote cross-site scripting and denial of service attacks.
Mailman is a program for managing mailing lists and is shipped with Red Hat's Linux operating system under a GNU General Public License. Mailman has several vulnerabilities.
One flaw in the admin CGI script of Mailman versions that predate 2.1.4 can allow a remote attacker to steal session cookies and to conduct unauthorized activities, including cross-site scripting . This could lead to a denial of service.
Another flaw in the create CGI script of Mailman 2.1.x versions before 2.1.3 also permits a remote attacker to steal cookies.
Mailman has suffered from other cross-scripting problems in the past. The current vulnerability affects Linux Advanced Server 2.1 for Itanium, Enterprise Linux ES 2.1 and Enterprise Linux AS 2.1. Updates are available from Red Hat.
Dig Deeper on Alternative OS security: Mac, Linux, Unix, etc.