CVE-2006-2191

Description

Format string vulnerability in Mailman before 2.1.9 allows attackers to execute arbitrary code via unspecified vectors. NOTE: the vendor has disputed this vulnerability, stating that it is "unexploitable.

How to fix CVE-2006-2191

To remediate CVE-2006-2191, upgrade the affected package to a fixed version below.

• Debian/mailman—upgrade to 1:2.1.9-1 or later

Is CVE-2006-2191 being exploited?

Low — EPSS is 0.9%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1:2.1.9-1

References (5)

• ADVISORYsecunia.com/advisories/21732
• ADVISORYsecunia.com/advisories/22639
• ADVISORYwww.novell.com/linux/security/advisories/2006_25_sr.html
• PATCHmail.python.org/pipermail/mailman-announce/2006-September/000087.html