Hey folks. I haven't see an official post here yet but as this has already gone out on at least one full-disclosure list I thought it worth mentioning since this will be an actively exploited 0 day:
http://lists.netsys.com/pipermail/full-disclosure/2005-February/031562.html Basically, there is a path traversal issue with mailman 2.1.5 which will let you access any file that the Mailman user has read access to (at least under Apache 1.3, can't speak for other web servers). I have tested this on a personal box and it does indeed work as advertised. One temporary workaround is to stop access to "/mailman/private" via your web server configuration. I would wait for a formal patch notice from the developers before patching the actual Mailman code. Cheers, Ron ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
