[Mailman-Users] Possible Security Issue with Mailman v1.1 and 2.0.5

isaac dawson idawson at athenasecurity.com
Sun Jul 15 00:03:16 CEST 2001

My name is Isaac Dawson and I work for a security auditing company. When working on a client who uses your mailman program, I noticed any un-authenticated user can spill the environment variables of the host. 
Case and Point: http://mailman.list.org/mailman/edithtml
This may not seem like much, but it will give an attacker much more information about what is installed, the path, and the OS. I will be submitting this bug to securityfocus.com but only after I notify you. Please respond ASAP!
Thank you,
Isaac Dawson
Security Engineer
Athena Group, Inc
p:781.641.1310 x 205

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.python.org/pipermail/mailman-users/attachments/20010714/bcebc916/attachment.html 

More information about the Mailman-Users mailing list