Bugtraq mailing list archives

Majordomo SECURITY bug new-list announcement


From: rouilj () cs umb edu (John P. Rouillard)
Date: Wed, 8 Jun 1994 16:50:21 -0400 (EDT)


Here we go again. The original patch for the majordomo bug was
incomplete. A bug has been discovered in the new-list program (and is
being actively exploited) that lets people run commands as the user
that Majordomo runs under.  Patches for 1.62 and 1.90 are being tested
and a full announcement will be posted within 24 hours.  It is prudent
to disable the new-list program in Majordomo by renaming the new-list
program, or deleting it from the aliases file pending availability of
the patch.

This bug is related to but NOT fixed by the majordomo security patch.
If you wish to fix new-list, refer to the majordomo security patch for
background information.

                                -- John
John Rouillard

Senior Systems Consultant (SERL Project) University of Massachusetts at Boston
rouilj () cs umb edu (preferred)            Boston, MA, (617) 287-6480
==============================================================================
My employers don't acknowledge my existence much less my opinions.


