[Mailman-Users] security heads up - path traversal with 2.1.5
Ron Brogden
rb at islandnet.com
Wed Feb 9 20:19:46 CET 2005
Hey folks. I haven't see an official post here yet but as this has already
gone out on at least one full-disclosure list I thought it worth mentioning
since this will be an actively exploited 0 day:
http://lists.netsys.com/pipermail/full-disclosure/2005-February/031562.html
Basically, there is a path traversal issue with mailman 2.1.5 which will let
you access any file that the Mailman user has read access to (at least under
Apache 1.3, can't speak for other web servers). I have tested this on a
personal box and it does indeed work as advertised.
One temporary workaround is to stop access to "/mailman/private" via your web
server configuration. I would wait for a formal patch notice from the
developers before patching the actual Mailman code.
Cheers,
Ron
More information about the Mailman-Users
mailing list