[Mailman-Users] Re: Critical security update for Mailman 2.1.5

AJ aj at mindcrash.com
Fri Feb 11 14:34:35 CET 2005

This also stripped it down for me.
I do not see any logs in error or mischief.
How can I get it to actually log the attempt so I know this is working.


Quoting Tokio Kikuchi <tkikuchi at is.kochi-u.ac.jp>:

> AJ wrote:
>> How can we test that the patch is working?  Is there a way to cause the log
>> message to be written to the mischief log?  Just want to make sure 
>> the patch is
>> working, any help would be great.
> Principally, add /../ in your browser's url box after authenticate
> yourself for the private archive page:
> http://your.host/mailman/private/yourlist/../
> But my browser is clever enough to strip this to
> http://your.host/mailman/private/
> :-<
> Note that this is not an exploit. You will find other malicious attempts
> in logs/error.
> -- Tokio Kikuchi, tkikuchi@ is.kochi-u.ac.jp
> http://weather.is.kochi-u.ac.jp/

More information about the Mailman-Users mailing list