Bugtraq mailing list archives
Re: Majordomo SECURITY problem and fix
From: dans () ans net (Dan Simoes)
Date: Wed, 8 Jun 1994 08:48:02 -0400 (EDT)
Knowing that the bugtraq list used Majordomo, I asked about the security problem on the majordomo-users mailing list. I was forwarded a copy of an announcement that was sent to the majordomo-workers list. I'm not real pleased that I had to actively search for this...
I think the reasoning was that people on the -users list might try to exploit it, whereas people on the -workers list are trying to plug it; just a guess though. For folks running 1.62 out of the box, here's what I think is the quickest fix (as yet unverified but implemented): cd ~majordom chmod 000 wrapper edit the following files and change occurance of "$to" or "$reply_to" to -t as stated in the note sent by John R: majordomo.cf line 21 majordomo.pl line 225 resend line 326,328 new-list 40 request-answer 40 when done, chmod 6775 wrapper Please let me know if this is insufficient. | Dan | -- Dan Simoes dans () ans net Associate Programmer (914) 789-5378 Advanced Network & Services Elmsford, NY
Current thread:
- Re: Majordomo SECURITY problem and fix Dan Simoes (Jun 08)
- <Possible follow-ups>
- Re: Majordomo SECURITY problem and fix Brent Chapman (Jun 08)