Bugtraq mailing list archives
Re: majordomo 1.94.5 does not fix all vulnerabilities
From: cwilson () NEU SGI COM (Chan Wilson)
Date: Tue, 25 Jan 2000 12:20:28 +0100
Brock Sides <bsides () TOWERY COM> spaketh thusly on Mon, 24 Jan 2000 14:55:42 -0600 about majordomo 1.94.5 does not fix all vulnerabilities...
Whereas majordomo 1.94.5 does fix the bug in resend, discovered by Brock Tellier, that permits execution of arbitrary code as user majordomo, it apparently does not fix the other bug in the script majordomo, that permits execution of arbitrary config files as user majordomo:
Correct. That is far better addressed at a o/s level by protecting the directory that the majordomo code lives in. A security note has been added to the top of the INSTALL document that attempts to highlight this matter:

** SECURITY ALERT **

The default installation of Majordomo, including the checks that config-test does, WILL NOT RESULT IN A SECURE INSTALLATION. In particular, the majordomo home directory and the "wrapper" program are, by default, accessible to any user. These open privileges can be (mis)used to change list membership, list configuration details, forge email, perhaps even create and/or delete lists, and anything else that the majordomo user has permissions to do.

If Majordomo is *NOT* installed on a secured system with controlled access (and if you are paranoid, even if it is), you will need to take additional steps to prevent access to the majordomo directories.

Usually, changing the privileges of the majordomo home directory to be 0750 fixes these problems, but creates the additional burden of needing to configure the MTA (sendmail, qmail, exim) properly so that it can read and execute "wrapper". Such configuration is beyond the scope of this install document, and is left to the FAQ (Doc/FAQ, Doc/majordomo-faq.html) and the support group majordomo-users () greatcircle com to answer.

** SECURITY ALERT **

While it is possible, as has been posted earlier, to patch all the code that uses the -C configuration file flag, *and* patch resend to only allow execution of code in specific directories, *and* rework code so it knows where to find the relocated code, it is far easier to simply prevent access to the majordomo directory (including access log, list configuration, membership, etc) which gives security from both execution of arbitrary code *and* information security for the distribution lists.

--Chan
majordomo maintainer.
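An added example, not part of the original message or of the Majordomo distribution: a shell audit of the directory permissions the INSTALL alert above describes. The function names and the path you pass in are assumptions; the check reads the mode string from `ls -ld`, so it runs on any POSIX system.

```shell
#!/bin/sh
# Added example: audit a Majordomo home directory against the INSTALL alert.
# The directory path is supplied by the caller (an assumption, not a project default).

# Print the 9-character permission string for a path, e.g. rwxr-x---.
perm_string() {
    ls -ld "$1" | cut -c2-10
}

# Succeed only if the "other" class has no access bits on the path.
no_other_access() {
    [ "$(perm_string "$1" | cut -c7-9)" = "---" ]
}

# Audit the home directory and the wrapper inside it.
# Return status: 0 = closed to other users, 1 = open, 2 = directory missing.
audit_majordomo_home() {
    home=$1
    [ -d "$home" ] || { echo "missing: $home"; return 2; }
    status=0
    if no_other_access "$home"; then
        echo "ok: $home is $(perm_string "$home")"
    else
        echo "OPEN: $home is $(perm_string "$home"); the alert suggests chmod 0750"
        status=1
    fi
    # 0750 leaves group r-x: the MTA must run in this group to execute wrapper.
    case "$(perm_string "$home" | cut -c4-6)" in
        r-x|r-s) ;;
        *) echo "note: group bits are not r-x; the MTA may not reach wrapper" ;;
    esac
    # A world-accessible wrapper is shielded only by the directory mode above it.
    if [ -e "$home/wrapper" ] && ! no_other_access "$home/wrapper"; then
        echo "note: wrapper is $(perm_string "$home/wrapper"); only the directory mode protects it"
    fi
    return $status
}

# Run the audit when a directory is given on the command line.
if [ $# -gt 0 ]; then
    audit_majordomo_home "$1"
fi
```

Pass the majordomo home directory as the only argument; a non-zero exit status means the directory is still open to other local users or does not exist.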