PT-2003-2312 · Majordomo · Majordomo

Jakub Klausa

Published

2003-12-31

Updated

2017-07-29

CVE-2003-1367

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Majordomo versions 1.94.4 and earlier

Description The issue allows remote attackers to identify the email addresses of members of mailing lists via a "which" command, due to the which access variable being set to "open" by default.

Recommendations For Majordomo versions 1.94.4 and earlier, consider changing the which access variable from "open" to a more restrictive setting to prevent remote attackers from identifying email addresses of mailing list members.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-16

Related Identifiers

CVE-2003-1367

Affected Products

Majordomo

PT-2003-2312 · Majordomo · Majordomo

CVE-2003-1367

Weakness Enumeration

Related Identifiers

Affected Products

References · 5