[LINK] Age reports mailing list hack

Stephen Loosley stephen at melbpc.org.au
Sat Feb 12 03:01:08 EST 2005


Hi Tony, and all ..

Apparently there's an unpublished Mailman configuration database remote
directory traversal exploit.

Vulnerability mailing list compromised
By Sam Varghese
February 10, 2005

http://theage.com.au/articles/2005/02/10/1107890332942.html

Several accounts of subscribers to the Full-Disclosure vulnerability
mailing list have been compromised, the list administrator John Cartwright
said in a posting to the list yesterday.

Cartwright, who took over the job of admin a few days back after the
creator of the list, Len Rose, stepped down, said an investigation showed
that the compromise had taken place through a vulnerability in s    -
software which is used to run the list.

Full-Disclosure has evolved into the most popular of the vulnerability
mailing lists in recent years, taking over from Bugtraq after the latter
was purchased by Symantec.

Cartwright said he had been notified of a number of potentially compromised
accounts on February 7. He said it appeared that the Mailman configuration
database had been obtained through a remote directory traversal exploit for
a previously unpublished flaw in the software.

"Subscriber addresses and passwords have been compromised. All list members
are advised to change their password immediately. There do not appear to be
further signs of intrusion although investigations continue," he said.
--

Cheers, Tony
Stephen Loosley
Melbourne, Australia




