PT-2011-2045 · Great Circle Associates · Majordomo

Published: 2011-02-04 · Updated: 2024-02-14 · CVE-2011-0049

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Majordomo versions prior to 20110131

Description: The issue allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command. This can be achieved by sending a crafted email or through the web interface, specifically the cgi-bin/mj_wwwusr endpoint.

Recommendations: Update versions prior to 20110131 to version 20110131 or later to resolve the issue. As a temporary workaround, consider restricting access to the help command and to the cgi-bin/mj_wwwusr endpoint in the web interface until the update is applied.

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers: CVE-2011-0049

Affected Products: Majordomo