Vulnerability Note VU#363726

Majordomo 2 _list_file_get() directory traversal vulnerability

Original Release date: 04 Feb 2011 | Last revised: 28 Mar 2011

Overview

Majordomo 2 contains a directory traversal vulnerability in the _list_file_get() function, which may allow a remote, unauthenticated attacker to obtain sensitive information.

Description

Majordomo 2 contains a directory traversal vulnerability in the _list_file_get() function (lib/Majordomo.pm) caused by an input validation error when handling files. An attacker can exploit this vulnerability via directory traversal specifiers sent in a specially crafted request to any of the application's interfaces (e.g. email or web).

Additional information regarding this vulnerability can be found in this Sitewatch Advisory.
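
The input validation error described above means a client-supplied file name reaches a file read without being confined to the intended directory. The Perl sketch below is an added example of such a confinement check, not Majordomo 2's code and not the change made in snapshot 20110204; the function name resolve_under_base, the temporary directory and the sample file names are hypothetical, and a POSIX file system is assumed.

```perl
#!/usr/bin/perl
# Added illustration; not Majordomo 2 code. All names here are hypothetical.
use strict;
use warnings;
use Cwd qw(realpath);
use File::Spec;
use File::Temp qw(tempdir);

# Map a client-supplied file name to a path under $base, or return undef.
sub resolve_under_base {
    my ($base, $requested) = @_;
    return unless defined $requested && length $requested;
    return if $requested =~ /\0/;                          # embedded NUL
    return if File::Spec->file_name_is_absolute($requested);
    # Reject any ".." path component outright.
    return if grep { $_ eq '..' } split m{[/\\]+}, $requested;

    my $root = realpath($base);
    return unless defined $root;
    my $full = realpath(File::Spec->catfile($root, $requested));
    return unless defined $full && -f $full;
    # The canonical path must still sit inside the base (catches symlinks).
    return unless index($full, "$root/") == 0;
    return $full;
}

# Constructed sample data: a temporary directory holding one list file.
my $base = tempdir(CLEANUP => 1);
open my $fh, '>', File::Spec->catfile($base, 'info.txt') or die $!;
print {$fh} "list info\n";
close $fh;

# Constructed request values: one legitimate name, four that must be refused.
for my $name ('info.txt', '../../../../etc/passwd', '/etc/passwd',
              'sub/../../info.txt', "info.txt\0.cfg") {
    my $path = resolve_under_base($base, $name);
    (my $shown = $name) =~ s/\0/\\0/g;
    printf "%-26s => %s\n", $shown, defined $path ? 'served' : 'rejected';
}
```

The check is applied to the name after any decoding done by the email or web front end, so every interface goes through the same validation.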

Impact

A remote unauthenticated attacker could obtain sensitive information.

Solution

Update
Majordomo 2 recommends users update to snapshot 20110204 or later.

Vendor Information

The vulnerability is reported in snapshots prior to 20110204.

Vendor        Status     Date Notified   Date Updated
Majordomo 2   Affected   -               04 Feb 2011

CVSS Metrics

Group           Score   Vector
Base            N/A     N/A
Temporal        N/A     N/A
Environmental   N/A     N/A

Credit

This vulnerability was reported by Michael Brooks.

This document was written by Michael Orlando.

Other Information

  • CVE IDs: CVE-2011-0049
  • Date Public: 04 Feb 2011
  • Date First Published: 04 Feb 2011
  • Date Last Updated: 28 Mar 2011
  • Severity Metric: 25.20
  • Document Revision: 21
