CERT mailing list archives

Current Activity - Majordomo Vulnerable to Directory Traversal

From: Current Activity <us-cert () us-cert gov>
Date: Fri, 4 Feb 2011 12:43:02 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

US-CERT Current Activity

Majordomo Vulnerable to Directory Traversal

Original release date: February 4, 2011 at 12:11 pm
Last revised: February 4, 2011 at 12:11 pm


US-CERT is aware of  a vulnerability affecting Majordomo 2.
Exploitation of this vulnerability may allow an attacker to obtain
sensitive information that could be used to leverage additional
attacks.  Reports indicate that this vulnerability affects builds
20110121 and prior.

US-CERT encourages users and administrators to upgrade to Majordomo 2
build 20110125 and later.  Additional information regarding this
vulnerability can be found in this Sitewatch Advisory.

Relevant Url(s):
<https://sitewat.ch/en/Advisory/View/1>

<http://www.h-online.com/security/news/item/Mailing-list-application-Majordomo-reveals-file-content-1183034.html>

====
This entry is available at
http://www.us-cert.gov/current/index.html#majordomo_vulnerable_to_directory_traversal

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBTUw6eT6pPKYJORa3AQK4aQf/Zr5SNppfljJRvXXcx6htTiYyWTm+xKtM
nvDHE3OMfulIHBMRhG4fKA3kTGNvpiMQW4peu7972QGbq2hhLa1zT52wfpu9IV6g
baPQAdGqPQbJpyXtdKEbUI8eGkjho6/vlD/3yl5mFQyJcSmRPdwJwnsMQ+uiFyYa
YprM15wuiOUKIEJEY2dxLeC+GMa1pUQ0b5ZDgBvvqk5sT5RFG6qbA45KJG2nuLNh
qZbN583p57BKPa8CFWyVt0xuoqxCRbgu9j6L0VGUrXADTBKSu85iwmOS8NKTNeKt
UbKOYb7XRluXPLS/I6hw+HjkQythpKK4fJwMTdoVsxAAESeobLkgLA==
=kN1Y
-----END PGP SIGNATURE-----

Current thread:

Current Activity - Majordomo Vulnerable to Directory Traversal Current Activity (Feb 04)