Hello,
My name is Isaac Dawson and I work for a security
auditing company. When working on a client who uses your mailman program, I
noticed any unauthenticated user can spill the environment variables of the
host.
Case in point: http://mailman.list.org/mailman/edithtml
This may not seem like much, but it will give an
attacker much more information about what is installed, the path, and the OS. I
will be submitting this bug to securityfocus.com but only after I notify you.
Please respond ASAP!
Thank you,
Isaac Dawson
Security Engineer
Athena Group, Inc
p:781.641.1310 x 205