The target is running version of the Mailman mailing list software that allows a list subscriber to retrieve the mailman password of any other subscriber by means of a specially crafted mail message to the server. That is, a message sent to $listname-request@$target containing the lines : password address=$victim password address=$subscriber will return the password of both $victim and $subscriber for the list $listname@$target. ***** OVS has determined the vulnerability exists on the target ***** simply by looking at the version number of Mailman installed ***** there.

Upgrade to Mailman version 2.1.5 or newer.