Debian 2.1: majordomo vulnerability
Debian 2.1: majordomo vulnerability
Any local user can trick majordomo into executing arbitrary code or to create or write files as the majordomo user anywhere on the filesystem.
-----BEGIN PGP SIGNED MESSAGE----- - ------------------------------------------------------------------------ Debian Security Advisory This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Wichert Akkerman June 3, 2000 - ------------------------------------------------------------------------ Package : majordomo Problem type : local exploit Debian-specific: no The majordomo package as shipped in the non-free section accompanying Debian GNU/Linux 2.1/slink allows any local user to trick majordomo into executing arbitrary code or to create or write files as the majordomo user anywhere on the filesystem. This is a documented issue and the advised work around it to either have no untrusted users on a system running majordomo or to use a setuid wrapper that the MTA delivery agent can run. suboptimal solution. We feel that those options are not a good solution, but unfortunately the majordomo license does not allow us to fix these problems and distribute a fixed version. As a result we have decided to remove majordomo from our archives. If you are using majordomo we recommend that you replace it with one of the many other mailing-list tools available such as fml, mailman or smartlist. - -- - ---------------------------------------------------------------------------- For apt-get: deb https://security.debian.org/ stable updates For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv iQB1AwUBOTlZ/6jZR/ntlUftAQFQ6QL/XyB4EprpjY4D2eusMd9PR+UKKh0jI7Zi IMWf0Avik9wN6HWba64kODvePxKChnh7z2jvG3hz8CIZr6siYsTuFWtu2UkVhdZj THnYqB87Sqp7XIdO46R7qjnLU0KibPqQ =w/uo -----END PGP SIGNATURE-----