The which_access variable for Majordomo 2.0 through 1.94.4, and possibly earlier versions, is set to open by default, which allows remote attackers to identify the email addresses of members of mailing lists via a which command.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Majordomo | Great_circle_associates | * | 2.0 (including) |
| Majordomo | Great_circle_associates | 1.94.4 (including) | 1.94.4 (including) |
| Majordomo | Great_circle_associates | 1.94.5 (including) | 1.94.5 (including) |
References
- http://securityreason.com/securityalert/3235
- http://www.securityfocus.com/archive/1/310113
- http://www.securityfocus.com/bid/6761
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11243
- http://securityreason.com/securityalert/3235
- http://www.securityfocus.com/archive/1/310113
- http://www.securityfocus.com/bid/6761
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11243