[Mailman-Users] security heads up - path traversal with 2.1.5

Ron Brogden domains at islandnet.com
Wed Feb 9 20:18:20 CET 2005


Hey folks.  I haven't see an official post here yet but as this has already 
gone out on at least one full-disclosure list I thought it worth mentioning 
since this will be an actively exploited 0 day:

http://lists.netsys.com/pipermail/full-disclosure/2005-February/031562.html

Basically, there is a path traversal issue with mailman 2.1.5 which will let 
you access any file that the Mailman user has read access to (at least under 
Apache 1.3, can't speak for other web servers).  I have tested this on a 
personal box and it does indeed work as advertised.

One temporary workaround is to stop access to "/mailman/private" via your web 
server configuration.  I would wait for a formal patch notice from the 
developers before patching the actual Mailman code.

Cheers,

Ron



More information about the Mailman-Users mailing list