DaemonForums  

3rd February 2011
J65nko
Mailing list application Majordomo 2 reveals file content

From http://www.h-online.com/security/new...t-1183034.html

Quote:
A bug in the way path names are evaluated means that it is possible to view the content of arbitrary files on a Majordomo mailing list system using the help command. The vulnerability can be exploited via both the web and email interfaces in Majordomo2. According to a security advisory, simply sending an email with the content help ../../../../../../../../../../../../../etc/passwd to the Majordomo account is sufficient to receive a response containing the content of the /etc/password file. The bug is fixed in snapshot versions majordomo-20110125 (direct download) and later.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump

Last edited by J65nko; 3rd February 2011 at 08:56 PM. Reason: Stressing it is Majordomo 2 (thanks jggimi )
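
For admins who maintain their own help or template lookups, here is the bug class from the quoted report as an added example. It is not Majordomo 2 code and not part of the original post. The function names and the sample directory tree are hypothetical and constructed for the demonstration; it shows the unchecked path join next to a lookup that is confined to the help directory.

```python
import os
import tempfile

PAGE_REQUEST = "help ../../../../../../../../../../../../../etc/passwd"  # string quoted in the post

def naive_help_path(help_dir, topic):
    # Vulnerable pattern: the topic is joined onto the help directory unchecked.
    return os.path.normpath(os.path.join(help_dir, topic))

def safe_help_path(help_dir, topic):
    # Resolve "..", absolute topics and symlinks first, then require the result
    # to stay under help_dir. commonpath compares whole path components, so a
    # sibling such as "help-old" cannot pass as "help".
    base = os.path.realpath(help_dir)
    candidate = os.path.realpath(os.path.join(base, topic))
    if os.path.commonpath([base, candidate]) != base or not os.path.isfile(candidate):
        return None
    return candidate

def handle_command(help_dir, line):
    # Hypothetical dispatcher for one command line from a mail body or web form.
    parts = line.split(None, 1)
    if not parts or parts[0].lower() != "help":
        return "unknown command"
    topic = parts[1].strip() if len(parts) > 1 else "overview"
    path = safe_help_path(help_dir, topic)
    if path is None:
        return "no such help topic"  # same reply for missing and out-of-tree files
    with open(path, encoding="utf-8") as fh:
        return fh.read()

def demo():
    # Constructed sample tree: help/subscribe is public, secret sits outside help/.
    with tempfile.TemporaryDirectory() as root:
        help_dir = os.path.join(root, "help")
        os.mkdir(help_dir)
        for path, text in ((os.path.join(help_dir, "subscribe"), "send: subscribe <list>\n"),
                           (os.path.join(root, "secret"), "not for subscribers\n")):
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(text)
        os.symlink(os.path.join(root, "secret"), os.path.join(help_dir, "link"))
        return {
            "naive": naive_help_path(help_dir, PAGE_REQUEST.split(None, 1)[1]),
            "traversal": handle_command(help_dir, PAGE_REQUEST),
            "sibling": handle_command(help_dir, "help ../secret"),
            "symlink": handle_command(help_dir, "help link"),
            "valid": handle_command(help_dir, "help subscribe"),
        }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result!r}")
```

The symlink case is there because a check on the raw string alone misses a link inside the help directory that points outside it.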