[Mailman-Users] Mailman Security.
Keith Mastin
kmastin at beechtree.ca
Fri Feb 7 00:30:22 CET 2003
>On Wed, 5 Feb 2003 13:47:48 +0000
>Adam <lists at monkeez.co.uk> wrote:
>
>> On Wed, 5 Feb 2003 11:44:10 -0000
>> "dino" <dinouk at orange.net> wrote:
>>
>> > Actually he did it this way:
>> >
>> > Noticed that mydomain/mailman was browsable.
>> >
>> > Telneted to port 80 and sent a get request from there...ouch.
>> >
>> > Sorting that now
>> >
>> > Dino
>> >
>>
>The fact that telnet is open pretty much says everything about this
>sysadmin's approach to security.
>
IIRC, he didn't say telnetd was open, just that a friend telnetted into
the mailman directory via port 80(httpd) and got more than he bargained
for.
OP: rpm -e telnetd
More information about the Mailman-Users
mailing list