[Mailman-Users] Re: Critical security update for Mailman 2.1.5

AJ aj at mindcrash.com
Thu Feb 10 17:36:59 CET 2005


Patch seems ok on 2.1.  Is there a way to test if it's working and we are
protected?  Maybe someone can respond offlist with a test URL of some 
kind that
would trigger a log in the mischief log.

Thanks.


>
> On Feb 10, 2005, at 8:17 AM, dave at umiacs.umd.edu wrote:
>
>> Am I correct in assuming the attack only allows hackers to access (read)
>> files?  Yes, I understand that if they can read/get mailman passwords, they
>> can obviously change lists but nothing more nefarious than that?
>
> they can not only get the passwords, but your subscriber lists. that
> is, I think, nefarious enough. it means you're one spambot away from
> handing over all your users to the blackhats.
>







More information about the Mailman-Users mailing list