Majordomo-Users: security hole

Majordomo-Users
(March 2004)

Indexed By Thread: [Previous] [Next]

Subject:	security hole
From:	"MajorDomo Administrator, MSER:EX" <Majordomo . Admin @ gems1 . gov . bc . ca>
Date:	Fri, 26 Mar 2004 14:06:24 -0800
To:	"'Majordomo-Users @ greatcircle . com'" <Majordomo-Users @ greatcircle . com>

We noticed a bad security hole with our majordomo lists.  It was brought to
our attention by the list subscribers who were getting spoofed virus
rejections.  The rejections were going to the listname-outgoing address and
therefore bypassing the requirement for moderation.

Has anyone else had this problem and how did they patch it?

a template of aliases file config

owner-l_tk_testlist: l_tk_testlist-owner
l_tk_testlist: "|/home/majordomo/wrapper resend -l l_tk_testlist -h
listsserver.ca -f l_tk_testlist-owner l_tk_testlist-outgoing"
l_tk_testlist-owner: me@myaddress
l_tk_testlist-approval: l_tk_testlist-owner
owner-l_tk_testlist-approval: l_tk_testlist-owner
l_tk_testlist-outgoing: :include:/home/majordomo/lists/l_tk_testlist
owner-l_tk_testlist-outgoing: l_tk_testlist-owner

Thanks,
Majordomo Support   
mailto:Majordomo.Admin@gems1.gov.bc.ca

Follow-Ups:

Re: security hole
From: Nicholas Anderson <nicholas@fiocruz.br>
Re: security hole (not)
From: Daniel Liston <dliston@sonny.org>
Wholesale blacklisting by AHBL
From: "Ed Gregory" <ed@gregorynet.net>
Re: security hole
From: "Roger B.A. Klorese" <rogerk@queernet.org>
Re: security hole
From: John Sechrest <sechrest@peak.org>

Indexed By Date	Previous:	Controlling the max message size for a list From: Greg Dec <gmdec@naz.edu>
Indexed By Date	Next:	Re: security hole From: John Sechrest <sechrest@peak.org>
Indexed By Thread	Previous:	Re: Controlling the max message size for a list From: Daniel Liston <dliston@sonny.org>
Indexed By Thread	Next:	Re: security hole From: John Sechrest <sechrest@peak.org>