[Mailman-Users] Possible Security Issue with Mailman v1.1 and 2.0.5
moomonk at daisy-chan.org
Sat Jul 14 17:38:56 CEST 2001
Huh. I'm only a user of mailman but this doesn't do anything to my host
using Mailman 2.0.5. This is pretty much a default install with a single
group. Isaac, can you tell us more detail on when this happens?
On Sat, 14 Jul 2001, isaac dawson wrote:
> My name is Isaac Dawson and I work for a security auditing company. When working on a client who uses your mailman program, I noticed any un-authenticated user can spill the environment variables of the host.
> Case and Point: http://mailman.list.org/mailman/edithtml
> This may not seem like much, but it will give an attacker much more information about what is installed, the path, and the OS. I will be submitting this bug to securityfocus.com but only after I notify you. Please respond ASAP!
> Thank you,
> Isaac Dawson
> Security Engineer
> Athena Group, Inc
> p:781.641.1310 x 205
More information about the Mailman-Users