[Mailman-Users] Re: Critical security update for Mailman 2.1.5
Chuq Von Rospach
chuqui at plaidworks.com
Thu Feb 10 17:24:23 CET 2005
On Feb 10, 2005, at 8:17 AM, dave at umiacs.umd.edu wrote:
> Am I correct in assuming the attack only allows hackers to access
> (read)
> files? Yes, I understand that if they can read/get mailman passwords,
> they
> can obviously change lists but nothing more nefarious than that?
they can not only get the passwords, but your subscriber lists. that
is, I think, nefarious enough. it means you're one spambot away from
handing over all your users to the blackhats.
More information about the Mailman-Users
mailing list