GNU Mailman Unspecified Password Retrieval Vulnerability
Mailman is prone to an unspecified password retrieval vulnerability, which was disclosed by the vendor. Reportedly, a remote attacker can gain access to user passwords when the users subscribe to a mailing list, and can use this sensitive information to hijack user accounts or carry out other attacks.

Further information about this issue states that an attacker does not need to be subscribed to the list to exploit it. To disclose a user's password, the attacker needs to be able to send mail to <listname>-request@<listhost> and to know the user's email address.

The issue is reported to affect Mailman 2.1.x versions. Due to a lack of details, further information is not available at the moment. This BID will be updated as more information becomes available.