[Mailman-Users] Re: Critical security update for Mailman 2.1.5
aj at mindcrash.com
Thu Feb 10 17:36:59 CET 2005
Patch seems ok on 2.1. Is there a way to test if it's working and we are
protected? Maybe someone can respond offlist with a test URL of some
would trigger a log in the mischief log.
> On Feb 10, 2005, at 8:17 AM, dave at umiacs.umd.edu wrote:
>> Am I correct in assuming the attack only allows hackers to access (read)
>> files? Yes, I understand that if they can read/get mailman passwords, they
>> can obviously change lists but nothing more nefarious than that?
> they can not only get the passwords, but your subscriber lists. that
> is, I think, nefarious enough. it means you're one spambot away from
> handing over all your users to the blackhats.
More information about the Mailman-Users