[Mailman-Users] security heads up - path traversal with 2.1.5

Ron Brogden rb at islandnet.com
Wed Feb 9 20:19:46 CET 2005

Hey folks.  I haven't see an official post here yet but as this has already 
gone out on at least one full-disclosure list I thought it worth mentioning 
since this will be an actively exploited 0 day:


Basically, there is a path traversal issue with mailman 2.1.5 which will let 
you access any file that the Mailman user has read access to (at least under 
Apache 1.3, can't speak for other web servers).  I have tested this on a 
personal box and it does indeed work as advertised.

One temporary workaround is to stop access to "/mailman/private" via your web 
server configuration.  I would wait for a formal patch notice from the 
developers before patching the actual Mailman code.



More information about the Mailman-Users mailing list