Hello,
I did not find this in your mailing list archive, so I'm just forwarding
it. If is it already known, please apologize.
Martin
If you want to respond, please CC: me because I'm not on the list. ;-)
-------------------------------------------------------------------------
| Martin MOKREJS - Net&SysAdmin |
| PGP 5.0i key at: finger://mail.natur.cuni.cz/mmokrejs |
| mmokrejs@natur.cuni.cz Faculty of Science, The Charles University |
| tel.: +420-2-2195 2315 Albertov 6, PRAGUE 2, 128 43, Czech Republic |
-------------------------------------------------------------------------
---------- Forwarded message ----------
Date: Thu, 26 Mar 1998 19:26:37 -0600
From: Steven Pritchard <steve@SILUG.ORG>
To: BUGTRAQ@NETSPACE.ORG
Subject: Re: Majordomo /tmp exploit
Karl G - NOC Admin said:
> -=x-ploit=-
> create a symlink in /tmp to any majordomo file
> ex: ln -s /usr/lib/majordomo/majordomo /tmp/majordomo.debug
Looking at the latest version of majordomo (1.94.4), it seems the
problem isn't that bad. A well-configured majordomo is not
vulnerable. (By "well-configured", I mean where the admin has edited
majordomo.cf to change $TMPDIR to something not world-writable. If
you haven't done that yet, do it now.)
I did find one case where majordomo doesn't honor the $TMPFILE
variable though. Apply the following patch to fix it:
-- Cut here --
--- majordomo.pl.orig Wed Aug 27 09:58:53 1997
+++ majordomo.pl Thu Mar 26 18:42:29 1998
@@ -324,7 +324,7 @@
}
# These are package globals referenced by &setlogfile and &log
-$log_file = "/tmp/log.$$";
+$log_file = "$main'TMPDIR/log.$$";
$log_host = "UNKNOWN";
$log_program = "UNKNOWN";
$log_session = "UNKNOWN";
-- end --
Enjoy.
Steve
--
steve@silug.org | Linux Users of Central Illinois
(217)698-1694 | Meetings the 4th Tuesday of every month
Steven Pritchard | http://www.luci.org/ for more info
Follow-Ups:
|
|
