[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] [Cobalt] Security Advisory - Majordomo
- Subject: Re: [cobalt-users] [Cobalt] Security Advisory - Majordomo
- From: Duncan Laurie <duncan@xxxxxxxxxx>
- Date: Mon Jan 10 13:43:29 2000
- Organization: Cobalt Networks
yes, the majordomo exploits are only valid for telnet users. you brought up a
good question about why the majordomo people havn't been discussing this... the
current version (1.94.4) was released in october 1997. and it is still being
distributed from the majordomo home page. i originally saw the exploits on
bugtraq:
dec 28th, bugtraq id 902: Majordomo Local resend Vulnerability
dec 29th, bugtraq id 903: Majordomo Local -C Parameter Vulnerability
but I don't monitor the majordomo lists so i'm not sure when they were informed
of the problems.. i did find some references on the majordomo-users list:
http://www.greatcircle.com/lists/majordomo-users/mhonarc/majordomo-users.200001/msg00051.html
and some detailed discussion and patches on the majordomo-workers list:
http://www.greatcircle.com/lists/majordomo-workers/mhonarc/majordomo-workers.200001/threads.html
later,
-duncan
Jeff Lasman wrote:
>
> Thank you very much, Jeff.
>
> Any reason you know of why the majordomo people haven't been discussing this?
>
> The only real problem is users logged in locally, right?
>
> Thanks.
>
> Jeff
>
> At 11:51 AM 1/10/00 Jeff Bilicki wrote:
> >This problems exists in all versions of majordomo, I would suggest
> >downloading the security patch to /tmp.
> > ...<balance snipped>...
>
> --
> Jeff Lasman, nobaloney.net
> <jblists@xxxxxxxxxxxxx>
> <www.nobaloney.net>, <www.mailtraqna.com>, <www.email-lists.com>
>
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-users