Summary
The remote host is missing an update to smartlist
announced via advisory DSA 720-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20720-1
Insight
Jeroen van Wolffelaar noticed that the confirm add-on of SmartList, the listmanager used on lists.debian.org, which is used on that host as well, could be tricked to subscribe arbitrary addresses to the lists.
For the stable distribution (woody) this problem has been fixed in version 3.15-5.woody.1.
For the unstable distribution (sid) this problem has been fixed in version 3.15-18.
We recommend that you upgrade your smartlist package.
Severity
Classification
-
CVE CVE-2005-0157 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities