 
Mon, 20 Jun 1994 14:46:00 EDT
|
>> The whole subscribers' file for my list was emptied a
>> few days ago; the file existed with no names in it.
>> (I use majordomo, so the software issue is different.) The list I own is r
*********
>fo
>> people who experience mood swings, fear, voices and visions
>> and is titled ThisIsCrazy. If this was indeed sabotage,
>> it would be from bullies.
Though I'm not including the entire text, this was distributed last
week wrt. MAJORDOMO.
From: [log in to unmask] (Michael C. Berch)
Subject: CIAC Bulletin E-30: Majordomo distribution list administrator
Followup-To: comp.security.misc
Date: 16 Jun 1994 00:11:19 GMT
Reply-To: [log in to unmask]
[For further information contact [log in to unmask]]
_____________________________________________________
The U.S. Department of Energy
Computer Incident Advisory Capability
___ __ __ _ ___
/ | /_\ /
\___ __|__ / \ \___
_____________________________________________________
INFORMATION BULLETIN
Majordomo distribution list administrator vulnerabilities
June 15, 1994 1400 PDT Number E-30
______________________________________________________________________________
PROBLEM: Two vulnerabilities in Majordomo distribution list
administrator.
PLATFORMS: All unix systems using Majordomo versions 1.91 and earlier.
DAMAGE: Remote users may gain access to the Majordomo account.
SOLUTION: Upgrade to Majordomo 1.92 or apply quick fix described below.
______________________________________________________________________________
VULNERABILITY This vulnerability is being discussed on public mailing lists
ASSESSMENT: and is currently being exploited. CIAC recommends that sites
determine if they are using Majordomo for their distribution
lists, and, if so, follow the steps described below.
______________________________________________________________________________
Critical Information about the Majordomo distribution list administrator
vulnerabilities
|
|
|
