Bugtraq mailing list archives
Re: Majordomo /tmp exploit
From: steve () SILUG ORG (Steven Pritchard)
Date: Thu, 26 Mar 1998 19:26:37 -0600
Karl G - NOC Admin said:
-=x-ploit=- create a symlink in /tmp to any majordomo file ex: ln -s /usr/lib/majordomo/majordomo /tmp/majordomo.debug
Looking at the latest version of majordomo (1.94.4), it seems the problem isn't that bad. A well-configured majordomo is not vulnerable. (By "well-configured", I mean where the admin has edited majordomo.cf to change $TMPDIR to something not world-writable. If you haven't done that yet, do it now.) I did find one case where majordomo doesn't honor the $TMPFILE variable though. Apply the following patch to fix it: -- Cut here -- --- majordomo.pl.orig Wed Aug 27 09:58:53 1997 +++ majordomo.pl Thu Mar 26 18:42:29 1998 @@ -324,7 +324,7 @@ } # These are package globals referenced by &setlogfile and &log -$log_file = "/tmp/log.$$"; +$log_file = "$main'TMPDIR/log.$$"; $log_host = "UNKNOWN"; $log_program = "UNKNOWN"; $log_session = "UNKNOWN"; -- end -- Enjoy. Steve -- steve () silug org | Linux Users of Central Illinois (217)698-1694 | Meetings the 4th Tuesday of every month Steven Pritchard | http://www.luci.org/ for more info
Current thread:
- Re: apache+ssl 1.13 symlink problem Ben Laurie (Mar 24)
- Re: apache+ssl 1.13 symlink problem; NcFTP 2.4.2+ Mike Gleason (Mar 24)
- Clarification Mike Gleason (Mar 24)
- Protocol Aleph One (Mar 24)
- SECURITY: new svgalib and kbd now available Erik Troan (Mar 25)
- Sumbit Internet Account v1.1 Dax Kelson (Mar 25)
- Majordomo /tmp exploit Karl G - NOC Admin (Mar 26)
- FW: mysql: Trivial mSQL/MySQL DoS method? (fwd) Michael Widenius (Mar 26)
- Re: Majordomo /tmp exploit Steven Pritchard (Mar 26)
- easy DoS in most RPC apps Peter van Dijk (Mar 28)
- Netscape passes mailbox path and message ID as refferer Rop Gonggrijp (Mar 28)
- Hole. HKirk (Mar 28)
- Rhino9: WinGate Vulnerability Aleph One (Mar 29)
- MySQL Security Sandu Mihai (Mar 29)
- Re: MySQL Security Aleph One (Mar 29)
- Eudora Pro 4.0 attachment/long filename problem whiz (Mar 29)
- mysql: MySQL Security Michael Widenius (Mar 29)
- wtmpx utility for solaris Ryan (Mar 30)
- Re: wtmpx utility for solaris Mikael Brandstrom (Mar 31)
- Majordomo /tmp exploit Karl G - NOC Admin (Mar 26)