3rd February 2011
J65nko
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128
Mailing list application Majordomo 2 reveals file content

From http://www.h-online.com/security/new...t-1183034.html

Quote:
A bug in the way path names are evaluated means that it is possible to view the content of arbitrary files on a Majordomo mailing list system using the help command. The vulnerability can be exploited via both the web and email interfaces in Majordomo 2. According to a security advisory, simply sending an email with the content help ../../../../../../../../../../../../../etc/passwd to the Majordomo account is sufficient to receive a response containing the content of the /etc/password file. The bug is fixed in snapshot versions majordomo-20110125 (direct download) and later.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump

Last edited by J65nko; 3rd February 2011 at 08:56 PM. Reason: Stressing it is Majordomo 2 (thanks jggimi )
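The path-evaluation flaw described in the quote, as an added example that is not part of the original post and is not Majordomo's code or its actual fix: a help-topic lookup that joins the requested name to a help directory unchecked, next to one that resolves the path and refuses anything outside that directory. The function names, the directory layout and the sample files are assumptions made for illustration, and POSIX paths are assumed.

```python
import os
import tempfile

def naive_help_path(help_dir, topic):
    # Vulnerable pattern: the topic is joined to the help directory unchecked,
    # so "../" components walk out of it.
    return os.path.normpath(os.path.join(help_dir, topic))

def safe_help_path(help_dir, topic):
    """Return the resolved help file path, or None if the topic must be refused."""
    if "\x00" in topic or os.path.isabs(topic):
        return None
    root = os.path.realpath(help_dir)
    # realpath collapses "../" and follows symlinks before the containment check
    candidate = os.path.realpath(os.path.join(root, topic))
    # commonpath compares whole components, so /srv/help_old is not "inside" /srv/help
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate if os.path.isfile(candidate) else None

def demo():
    # Constructed sample layout: one real help file, one file outside the
    # help directory, and a symlink inside the help directory pointing out of it.
    with tempfile.TemporaryDirectory() as base:
        help_dir = os.path.join(base, "help")
        os.mkdir(help_dir)
        with open(os.path.join(help_dir, "subscribe"), "w") as f:
            f.write("help text")
        with open(os.path.join(base, "secret"), "w") as f:
            f.write("not a help file")
        os.symlink(os.path.join(base, "secret"), os.path.join(help_dir, "link"))
        payload = "../" * 12 + "etc/passwd"  # same shape as the quoted request
        return {
            "naive": naive_help_path(help_dir, payload),
            "traversal": safe_help_path(help_dir, payload),
            "sibling": safe_help_path(help_dir, "../secret"),
            "symlink": safe_help_path(help_dir, "link"),
            "absolute": safe_help_path(help_dir, "/etc/passwd"),
            "valid": safe_help_path(help_dir, "subscribe"),
        }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:10} -> {result}")
```

The same containment check works as a log filter: any help request whose resolved path falls outside the help directory is worth flagging on systems older than the fixed snapshot.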