[unisog] Recommendation for list management sw
ronaldo at cais.rnp.br
Thu Nov 4 02:14:01 GMT 2004
Actually I intended to answer Stan's original post but I've deleted it...
Well, I wouldn't use Mailman - not anymore, I've changed my mind lately.
Sorry, I don't hate or even love listserv ;-)
We recently issued an advisory (05-28) about a vulnerability in Mailman
versions prior to 2.1.5. It exposes users' passwords; all you have to do
is to send a message to listname-request at example.com with the following
The "attacker" has to be a subscriber.
That's all. The malicious subscriber gets the victim's password. Nice for
certain kinds of Social Engineering attacks.
[Mailman-Users] RELEASED Mailman 2.1.5
Nessus Plugins: Mailman password retrieval
CAN-2004-0412 (under review)
You should give a try to EZMLM, a mailing list manager based on qmail.
That's what you'll find inside SecurityFocus lists.
Ronaldo C Vasconcellos
CAIS/RNP - Brazilian Research Network CSIRT
On Wed, 3 Nov 2004, Matt Crawford wrote:
> Date: Wed, 03 Nov 2004 17:33:29 -0600
> From: Matt Crawford <crawdad at fnal.gov>
> Reply-To: UNIversity Security Operations Group <unisog at lists.sans.org>
> To: UNIversity Security Operations Group <unisog at lists.sans.org>
> Subject: Re: [unisog] Recommendation for list management sw
> On Nov 3, 2004, at 11:53, Stan Horwitz wrote:
> > We currently use L-Soft's Listserv software to manage email lists here. I
> > am not happy with this software, nor is my management. I am wondering what
> > other options people on this list can recommend in place of L-Soft's
> > product.
> I passionately loathe listserv. The only reason it's still here is that I am
> not in charge of email.
> I like Mailman.
> Did I mention that I hate listserv?