Linux Security
    Linux Security
    Linux Security

    Debian 2.1: majordomo vulnerability

    Date 03 Jun 2000
    3728
    Posted By LinuxSecurity Advisories
    Any local user can trick majordomo into executing arbitrary code or to create or write files as the majordomo user anywhere on the filesystem.
    -----BEGIN PGP SIGNED MESSAGE-----
    
    - ------------------------------------------------------------------------
    Debian Security Advisory                             This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.debian.org/security/                         Wichert Akkerman
    June  3, 2000
    - ------------------------------------------------------------------------
    
    
    Package        : majordomo
    Problem type   : local exploit
    Debian-specific: no
    
    The majordomo package as shipped in the non-free section accompanying
    Debian GNU/Linux 2.1/slink allows any local user to trick majordomo into
    executing arbitrary code or to create or write files as the majordomo user
    anywhere on the filesystem.
    
    This is a documented issue and the advised work around it to either have
    no untrusted users on a system running majordomo or to use a setuid
    wrapper that the MTA delivery agent can run.
    suboptimal solution.
    
    We feel that those options are not a good solution, but unfortunately the
    majordomo license does not allow us to fix these problems and distribute a
    fixed version. As a result we have decided to remove majordomo from our
    archives.
    
    If you are using majordomo we recommend that you replace it with one
    of the many other mailing-list tools available such as fml, mailman
    or smartlist.
    
    - --
    - ----------------------------------------------------------------------------
    For apt-get: deb https://security.debian.org/ stable updates
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    -----BEGIN PGP SIGNATURE-----
    Version: 2.6.3ia
    Charset: noconv
    
    iQB1AwUBOTlZ/6jZR/ntlUftAQFQ6QL/XyB4EprpjY4D2eusMd9PR+UKKh0jI7Zi
    IMWf0Avik9wN6HWba64kODvePxKChnh7z2jvG3hz8CIZr6siYsTuFWtu2UkVhdZj
    THnYqB87Sqp7XIdO46R7qjnLU0KibPqQ
    =w/uo
    -----END PGP SIGNATURE-----
    

    Advisories

    LinuxSecurity Poll

    I agree with Linus Torvalds - Apple's new M1-powered laptops should run on Linux.

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /main-polls/45-i-agree-with-linus-torvalds-apple-s-new-m1-powered-laptops-should-run-on-linux?task=poll.vote&format=json
    45
    radio
    [{"id":"158","title":"True","votes":"13","type":"x","order":"1","pct":3.95,"resources":[]},{"id":"159","title":"False","votes":"316","type":"x","order":"2","pct":96.05,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.