[Mailman-Users] Re: Critical security update for Mailman 2.1.5

dave at umiacs.umd.edu dave at umiacs.umd.edu
Thu Feb 10 17:17:13 CET 2005

Am I correct in assuming the attack only allows hackers to access (read)
files?  Yes, I understand that if they can read/get mailman passwords, they
can obviously change lists but nothing more nefarious than that? ie not
change OS files or mailman sw? And would it be presumptuous of me to think 
this means only users mailman passwords but not mailman sitepassword can be
compromised as the latter is stored encrypted, right? (Ok, they could 
brute-force the encryption)   Same true of list moderator passwords?

  =-=-=-=-=-=-=-=-=-=-  generated by /dev/dave -=-=-=-=-=-=-=-=-=-=-=-=
  David Stern                                    University of Maryland
            Institute for Advanced Computer Studies

More information about the Mailman-Users mailing list