[Mailman-Users] Privay options.
Harald.Meland at usit.uio.no
Sun Jun 13 19:36:30 CEST 1999
[David Sean McNicholl]
> I have a password protected list. I use administrator confirmation
> of posts. Last night someone was able to modify my pages to remove this
> option. Could they have done this without the password ?
Unfortunately, there is a security flaw in all Mailman versions up to
and including 1.0rc1. The security flaw has been fixed in CVS, and
I'm hoping there will be a new release shortly.
> How can I check ?
If the security flaw is what's been used to get in, the breakin is
neither easily traceable -- as the flaw is due to a misdesign in
Mailman's cookie authentication. Your web server access logs might
contain some hints.
More information about the Mailman-Users