[Mailman-Users] Possible Security Issue with Mailman v1.1 and 2.0.5
idawson at athenasecurity.com
Sun Jul 15 00:03:16 CEST 2001
My name is Isaac Dawson and I work for a security auditing company. When working on a client who uses your mailman program, I noticed any un-authenticated user can spill the environment variables of the host.
Case and Point: http://mailman.list.org/mailman/edithtml
This may not seem like much, but it will give an attacker much more information about what is installed, the path, and the OS. I will be submitting this bug to securityfocus.com but only after I notify you. Please respond ASAP!
Athena Group, Inc
p:781.641.1310 x 205
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Mailman-Users