[Centos] full-d] Administrivia: List Compromised due to Mailman Vulnerability (fwd)
seth vidal
skvidal at phy.duke.edu
Wed Feb 9 19:53:32 UTC 2005
On Wed, 2005-02-09 at 14:41 -0500, R P Herrold wrote:
> Sorry for the cross post, but this is an important one
> potentially affecting all recipients.
>
> This just crossed the Full Disclosure mailman moderated
> mailing list. It bears a careful read, and thought about
> whether a response is needed.
>
> The implication is that if there is any use of a mailman
> password in common with a password you 'care' about, you need
> to take appropriate action at once. Also some backends merge
> Bugzilla and mailman password stores, which can cause
> unexpected secondary effects.
>
> I have not seen a patch yet, and so one has to assume that the
> configs and passwords for all mailman moderated mailing lists
> are compromised. Once a fix issues, Mailman moderators will
> want to do a global password change, and local list
> modification.
>
the patch to mailman came out weeks ago unless this is a new password
exposure bug.
-sv
More information about the CentOS
mailing list