Description
The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote attackers to determine the list membership for a given e-mail address.
References (3)
Core 3
Core References
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110549296126351&w=2
Issue Tracking x_refsource_confirm
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=285839
Various Sources x_refsource_misc
http://qa.debian.org/bts-security.html
Scores
EPSS
0.0039
EPSS Percentile
60.2%
Details
Status
published
Products (2)
gnu/mailman
2.1.5
ubuntu/ubuntu_linux
4.10
Published
May 02, 2005
Tracked Since
Feb 18, 2026