>> The whole subscribers' file for my list was emptied a >> few days ago; the file existed with no names in it. >> (I use majordomo, so the software issue is different.) The list I own is r ********* >fo >> people who experience mood swings, fear, voices and visions >> and is titled ThisIsCrazy. If this was indeed sabotage, >> it would be from bullies. Though I'm not including the entire text, this was distributed last week wrt. MAJORDOMO. From: [log in to unmask] (Michael C. Berch) Subject: CIAC Bulletin E-30: Majordomo distribution list administrator Followup-To: comp.security.misc Date: 16 Jun 1994 00:11:19 GMT Reply-To: [log in to unmask] [For further information contact [log in to unmask]] _____________________________________________________ The U.S. Department of Energy Computer Incident Advisory Capability ___ __ __ _ ___ / | /_\ / \___ __|__ / \ \___ _____________________________________________________ INFORMATION BULLETIN Majordomo distribution list administrator vulnerabilities June 15, 1994 1400 PDT Number E-30 ______________________________________________________________________________ PROBLEM: Two vulnerabilities in Majordomo distribution list administrator. PLATFORMS: All unix systems using Majordomo versions 1.91 and earlier. DAMAGE: Remote users may gain access to the Majordomo account. SOLUTION: Upgrade to Majordomo 1.92 or apply quick fix described below. ______________________________________________________________________________ VULNERABILITY This vulnerability is being discussed on public mailing lists ASSESSMENT: and is currently being exploited. CIAC recommends that sites determine if they are using Majordomo for their distribution lists, and, if so, follow the steps described below. ______________________________________________________________________________ Critical Information about the Majordomo distribution list administrator vulnerabilities