Mailman is the GNU mailing list manager. It provides standard list management features, integrated with a web interface. Pipermail is the mailing list archiving software distributed with and integrated into Mailman. A security vulnerability in the product allows local users to read the archives of (possibly private) mailing lists without requiring any special privileges.
Credit:
The information has been provided by H. Peter Anvin.
If you have (a) private Mailman mailing lists and (b) user logins on the same machine, any local user can read the archives of those private mailing lists.
$mailman_root/archive/private is o+x in the default installation. This allows anyone with local access to the machine to read the archives of private mailing lists, as long as they know the (trivial) structure of the files beneath this directory.
Note:
Changing this directory to o-x causes *all* Pipermail pages to become inaccessible, so that does not resolve the problem.
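The following audit script is an added example, not code from the advisory or from the Mailman project: it checks whether the private archive directory carries the other-execute (search) bit the advisory describes, so an administrator can confirm the exposure on a given install. The Mailman root path is an assumption to be replaced with the real $mailman_root; the demo tree it builds under mktemp is constructed for illustration.

```sh
#!/bin/sh
# Added example, not code from the advisory or from Mailman itself: audit
# whether a Mailman private archive directory is world-searchable (o+x),
# the condition the advisory describes. The Mailman root path is an
# assumption; pass the real $mailman_root of your installation.

# Print the 10-character mode string of a path (e.g. drwxr-x--x), using
# ls -ld for portability across GNU and BSD stat variants.
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# Return 0 when the "other" execute (search) bit is set on a directory,
# 1 when it is not. A world-searchable directory can be traversed by any
# local user who knows the path layout beneath it, even if it is not readable.
is_world_searchable() {
    case "$(mode_string "$1")" in
        *x|*t) return 0 ;;   # last column is o+x ("x", or "t" for sticky + x)
        *)     return 1 ;;
    esac
}

# Audit $mailman_root/archive/private and report. Returns 0 if the directory
# is not world-searchable, 1 if it is, 2 if it does not exist.
audit_private_archive() {
    dir="$1/archive/private"
    if [ ! -d "$dir" ]; then
        echo "SKIP: $dir does not exist" >&2
        return 2
    fi
    if is_world_searchable "$dir"; then
        echo "WARN: $dir is $(mode_string "$dir"): any local user can reach private list archives"
        return 1
    fi
    echo "OK:   $dir is $(mode_string "$dir"): not world-searchable"
    return 0
}

# Constructed demonstration tree (not a real installation): one root with
# the default-style 0751 directory and one with the other-execute bit cleared.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/default/archive/private" "$tmp/restricted/archive/private"
    chmod 0751 "$tmp/default/archive/private"
    chmod 0750 "$tmp/restricted/archive/private"
    audit_private_archive "$tmp/default" || :
    audit_private_archive "$tmp/restricted" || :
    rm -rf "$tmp"
}

demo
```

Run it as `sh audit.sh` after editing the root path passed to audit_private_archive; a WARN line reproduces the advisory's finding. Treat the result as a finding rather than a fix: as the note above states, simply clearing o+x on this directory makes all Pipermail pages inaccessible through the web interface.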
Vendor response:
"I'm not inclined to fix this, since this arrangement is crucial to the web security of private archives. Since Mailman is usually run on mail and/or web servers that have very limited access anyway, I don't consider this an important vulnerability." - Barry Warsaw