[Mailman-Users] Mailman 1.1 contains root vulnerability?

Christopher P. Lindsey lindsey at mallorn.com
Tue Sep 12 10:20:28 CEST 2000

> The mailing list server Mailman 1.1 contains a vulnerability
> that could allow an external user to execute commands as root.

That's not quite right.  It will execute commands as whatever uid
the Web server runs under.

> When clicking on the URL a patch or description is not presented. Can
> someone supply a URL that will give me more info, please?


There were followup postings that offered alternative solutions, although
the patch in the message above is the one in the current Beta tree (or 
at least the last time that I looked :)


More information about the Mailman-Users mailing list