[Mailman-Users] Re: Critical security update for Mailman 2.1.5

Chuq Von Rospach chuqui at plaidworks.com
Thu Feb 10 17:24:23 CET 2005

On Feb 10, 2005, at 8:17 AM, dave at umiacs.umd.edu wrote:

> Am I correct in assuming the attack only allows hackers to access 
> (read)
> files?  Yes, I understand that if they can read/get mailman passwords, 
> they
> can obviously change lists but nothing more nefarious than that?

they can not only get the passwords, but your subscriber lists. that 
is, I think, nefarious enough. it means you're one spambot away from 
handing over all your users to the blackhats.

More information about the Mailman-Users mailing list