Debian 2.1: majordomo vulnerability

    Date 03 Jun 2000
    Posted By LinuxSecurity Advisories
    Any local user can trick majordomo into executing arbitrary code, or into creating or writing files as the majordomo user anywhere on the filesystem.
    -----BEGIN PGP SIGNED MESSAGE-----
    
    - ------------------------------------------------------------------------
    Debian Security Advisory
    https://www.debian.org/security/                         Wichert Akkerman
    June  3, 2000
    - ------------------------------------------------------------------------
    
    
    Package        : majordomo
    Problem type   : local exploit
    Debian-specific: no
    
    The majordomo package as shipped in the non-free section accompanying
    Debian GNU/Linux 2.1/slink allows any local user to trick majordomo into
    executing arbitrary code, or into creating or writing files as the
    majordomo user anywhere on the filesystem.
    
    This is a documented issue and the advised workaround is to either have
    no untrusted users on a system running majordomo or to use a setuid
    wrapper that the MTA delivery agent can run.
    suboptimal solution.
    
    We feel that those options are not a good solution, but unfortunately the
    majordomo license does not allow us to fix these problems and distribute a
    fixed version. As a result we have decided to remove majordomo from our
    archives.
    
    If you are using majordomo we recommend that you replace it with one
    of the many other mailing-list tools available such as fml, mailman
    or smartlist.
    
    - --
    - ----------------------------------------------------------------------------
    For apt-get: deb https://security.debian.org/ stable updates
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates
    
    -----BEGIN PGP SIGNATURE-----
    Version: 2.6.3ia
    Charset: noconv
    
    iQB1AwUBOTlZ/6jZR/ntlUftAQFQ6QL/XyB4EprpjY4D2eusMd9PR+UKKh0jI7Zi
    IMWf0Avik9wN6HWba64kODvePxKChnh7z2jvG3hz8CIZr6siYsTuFWtu2UkVhdZj
    THnYqB87Sqp7XIdO46R7qjnLU0KibPqQ
    =w/uo
    -----END PGP SIGNATURE-----
    
