Marco Van Berkum

**Name of the Vulnerable Software and Affected Versions** Mailmgr version 1.2.3 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on temporary files /tmp/mailmgr.unsort, /tmp/mailmgr.tmp, or /tmp/mailmgr.sort. **Recommendations** For Mailmgr version 1.2.3, consider restricting access to the temporary files /tmp/mailmgr.unsort, /tmp/mailmgr.tmp, and /tmp/mailmgr.sort to prevent a symlink attack until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Majordomo versions 1.94.4 and earlier **Description** The issue allows remote attackers to identify the email addresses of members of mailing lists via a "which" command, due to the `which access` variable being set to "open" by default. **Recommendations** For Majordomo versions 1.94.4 and earlier, consider changing the `which access` variable from "open" to a more restrictive setting to prevent remote attackers from identifying email addresses of mailing list members.