Re: Vulnerability in Majordomo

Oliver Xymoron (oxymoron@waste.org)
Tue, 26 Aug 1997 15:19:53 -0500

On Sun, 24 Aug 1997, Razvan Dragomirescu wrote:

> I have discovered a vulnerability in "majordomo" that allows local and
> remote users to execute commands with the rights of the user running the
> server. This user is usually in the daemon group, so this can be quite
> harmful.

This should fix the problem in a fairly straightforward manner:

--- majordomo-pre-list-fix Tue Aug 26 14:11:07 1997
+++ majordomo Tue Aug 26 15:06:52 1997
@@ -1374,7 +1374,7 @@
if ($'config_opts{$list, 'advertise'} ne '') {
@array = split(/\001/,$'config_opts{$list,
'advertise'});
foreach $i (@array) {
- $command = "(q~$reply_addr~ =~ $i)";
+ $command = '($reply_addr'." =~ $i)";
$result = 1, last if (eval $command);
}
} else { $result = 1; }
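
Review bot: In the new `$command = '($reply_addr'." =~ $i)";` line, `$i` is still interpolated into the string handed to `eval`, so each entry of the list's `advertise` setting is still compiled as Perl; only `$reply_addr` is now kept out of the evaluated source. If those entries can be set by anyone less trusted than the account running the server, check that each entry is a delimited pattern before the eval, or match it without a string eval. A short comment saying the single quotes are deliberate (the address is referenced by name at eval time instead of being pasted into the code) would keep a later cleanup from merging the two pieces back into one double-quoted string.
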
@@ -1384,7 +1384,7 @@
@array = split(/\001/,$'config_opts{$list,
'noadvertise'});

foreach $i (@array) {
- $command = "(q~$reply_addr~ =~ $i)";
+ $command = '($reply_addr'." =~ $i)";
$result = 0, last if (eval $command);
}
}
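
Review bot: `$result = 0, last if (eval $command);` never looks at `$@`, so a `noadvertise` entry that fails to compile makes the eval return undef and the entry is skipped with no report, leaving `$result` untouched for that entry. For a setting whose purpose is to hide the list, it would be safer to log `$@` and treat a failed eval as a match, or at least report it, instead of falling through silently. The `$i` interpolation noted for the `advertise` loop applies here as well.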

--
 "Love the dolphins," she advised him. "Write by W.A.S.T.E.."