Huh. I'm only a user of mailman but this doesn't do anything to my host
using Mailman 2.0.5. This is pretty much a default install with a single
group. Isaac, can you tell us more detail on when this happens?
Josh
On Sat, 14 Jul 2001, isaac dawson wrote:
> Hello,
> My name is Isaac Dawson and I work for a security auditing company. When working on
>a client who uses your mailman program, I noticed any un-authenticated user can spill
>the environment variables of the host.
> Case and Point: http://mailman.list.org/mailman/edithtml
> This may not seem like much, but it will give an attacker much more information
>about what is installed, the path, and the OS. I will be submitting this bug to
>securityfocus.com but only after I notify you. Please respond ASAP!
> Thank you,
> Isaac Dawson
> Security Engineer
> Athena Group, Inc
> p:781.641.1310 x 205
>
>
------------------------------------------------------
Mailman-Users maillist - [EMAIL PROTECTED]
http://mail.python.org/mailman/listinfo/mailman-users
