GEN:SID | 1:661 |
Message | SMTP majordomo ifs |
Summary | This event is generated when an attempt is made to exploit a problem with Majordomo software that allows arbitrary commands to be executed on the server.
|
Impact | Attempted administrator access. This is an attempt to execute a command on a server where Majordomo is installed.
|
Detailed Information | Majordomo is an application that automates mailing list management. An input validation error allows attackers to use a malformed email header as a command that will be executed on the host. To be vulnerable, the server must use a list or a hidden list and the configuration file must specify an advertise or noadvertise option. This has been documented as either a local or remote attack on the host.
|
Affected Systems | Majordomo versions up to and including 1.94.4.
|
Attack Scenarios | An attacker can send a malformed e-mail header to the Majordomo host. The host executes a command that facilitates access to the host.
|
Ease of Attack | Simple. Use an appropriate malformed header and supply a command that enables access to the host.
|
Corrective Action | Upgrade to Majordomo version 1.94.5 or higher. |
Additional References | Bugtraq: http://www.securityfocus.com/bid/2310
Arachnids: http://www.whitehats.com/info/IDS143
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0207
|
Rule References | cve: 1999-0207
bugtraq: 2310
arachnids: 143
|