[5191] in bugtraq
Re: Vulnerability in Majordomo
daemon@ATHENA.MIT.EDU (Oliver Xymoron)
Tue Aug 26 18:30:46 1997
Date: Tue, 26 Aug 1997 15:19:53 -0500
Reply-To: Oliver Xymoron <oxymoron@waste.org>
From: Oliver Xymoron <oxymoron@WASTE.ORG>
X-To: Razvan Dragomirescu <drazvan@kappa.ro>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.3.96.970824150942.13326A-100000@pop3.kappa.ro>
On Sun, 24 Aug 1997, Razvan Dragomirescu wrote:
> I have discovered a vulnerability in "majordomo" that allows local and
> remote users to execute commands with the rights of the user running the
> server. This user is usually in the daemon group, so this can be quite
> harmful.
This should fix the problem in a fairly straightforward manner:
--- majordomo-pre-list-fix Tue Aug 26 14:11:07 1997
+++ majordomo Tue Aug 26 15:06:52 1997
@@ -1374,7 +1374,7 @@
if ($'config_opts{$list, 'advertise'} ne '') {
@array = split(/\001/,$'config_opts{$list,
'advertise'});
foreach $i (@array) {
- $command = "(q~$reply_addr~ =~ $i)";
+ $command = '($reply_addr'." =~ $i)";
$result = 1, last if (eval $command);
}
} else { $result = 1; }
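Review bot: The new `$command = '($reply_addr'." =~ $i)";` line still interpolates `$i` into the string handed to `eval`, so every entry of the `advertise` setting is compiled as Perl source; only `$reply_addr` has been taken out of the generated code. Consider checking that each entry is nothing more than a delimited pattern before it reaches `eval`. Also add a comment above the assignment saying the single-quoted half is deliberate, because it keeps the address from being expanded into the evaluated string, and the mixed quoting is easy to "tidy" back into the old form.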
@@ -1384,7 +1384,7 @@
@array = split(/\001/,$'config_opts{$list,
'noadvertise'});
foreach $i (@array) {
- $command = "(q~$reply_addr~ =~ $i)";
+ $command = '($reply_addr'." =~ $i)";
$result = 0, last if (eval $command);
}
}
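Review bot: In the `noadvertise` loop, `$result = 0, last if (eval $command);` treats an `eval` failure the same as a non-match: if an entry in `$i` does not compile, `eval` returns undef, `$result` is left as it was and the loop moves on to the next entry. Check `$@` after the `eval` and log the bad entry or fail closed, so that a malformed `noadvertise` pattern is not silently ignored.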
--
"Love the dolphins," she advised him. "Write by W.A.S.T.E.."