[Mailman-Users] Re: Critical security update for Mailman 2.1.5
dave at umiacs.umd.edu
dave at umiacs.umd.edu
Thu Feb 10 17:17:13 CET 2005
Am I correct in assuming the attack only allows hackers to access (read)
files? Yes, I understand that if they can read/get mailman passwords, they
can obviously change lists but nothing more nefarious than that? ie not
change OS files or mailman sw? And would it be presumptuous of me to think
this means only users mailman passwords but not mailman sitepassword can be
compromised as the latter is stored encrypted, right? (Ok, they could
brute-force the encryption) Same true of list moderator passwords?
=-=-=-=-=-=-=-=-=-=- generated by /dev/dave -=-=-=-=-=-=-=-=-=-=-=-=
David Stern University of Maryland
Institute for Advanced Computer Studies
More information about the Mailman-Users
mailing list