OpenBSD VuXML: Documenting security issues in the OpenBSD Ports & Packages Collection

mailman -- directory traversal vulnerability

Affected packages
mailman < 2.1.5p3
mailman-postfix < 2.1.5p3

Details

VuXML ID b735b5b2-7b7c-11d9-b18e-080020fe8945
Discovery 2005-02-09
Entry 2005-02-10

On 7th February 2005 I was notified of a number of potentially-compromised Full-Disclosure subscriber accounts. Following an investigation it appears that the Mailman configuration database was obtained from lists.netsys.com on 2nd January 2005 using a remote directory traversal exploit for a previously unpublished vulnerability in Mailman 2.1.5.

References

CVE Name CAN-2005-0202
URL http://lists.netsys.com/pipermail/full-disclosure/2005-February/031562.html