
Majordomo 2 _list_file_get() directory traversal vulnerability

Description

### Overview

Majordomo 2 contains a directory traversal vulnerability in the `_list_file_get()` function, which may allow a remote, unauthenticated attacker to obtain sensitive information.

### Description

Majordomo 2 contains a directory traversal vulnerability in the `_list_file_get()` function (lib/Majordomo.pm) caused by an input validation error when handling files. An attacker can exploit this vulnerability via directory traversal specifiers sent in a specially crafted request to any of the application's interfaces (e.g. email or web). Additional information regarding this vulnerability can be found in this [Sitewatch Advisory](<https://sitewat.ch/en/Advisory/View/1>).

---

### Impact

A remote unauthenticated attacker could obtain sensitive information.

---

### Solution

**Update**

Majordomo 2 recommends users update to snapshot [20110204](<http://ftp.mj2.org/pub/mj2/snapshots/2011-02/majordomo-20110204.tar.gz>) or later.

---

### Vendor Information

The vulnerability is reported in snapshots prior to 20110204.

---

### Majordomo 2 Affected

Updated: February 04, 2011

### Status

Affected

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Vendor References

* <http://ftp.mj2.org/pub/mj2/snapshots/2011-02/>

### CVSS Metrics

Group | Score | Vector
---|---|---
Base | |
Temporal | |
Environmental | |

### References

* <http://www.us-cert.gov/current/index.html#majordomo_vulnerable_to_directory_traversal>
* <https://sitewat.ch/en/Advisory/View/1>
* <http://ftp.mj2.org/pub/mj2/snapshots/2011-02/>

### Acknowledgements

This vulnerability was reported by Michael Brooks.

This document was written by Michael Orlando.
### Other Information

**CVE IDs:** | [CVE-2011-0049](<http://web.nvd.nist.gov/vuln/detail/CVE-2011-0049>)
---|---
**Severity Metric:** | 25.20
**Date Public:** | 2011-02-04
**Date First Published:** | 2011-02-04
**Date Last Updated:** | 2011-03-28 12:27 UTC
**Document Revision:** | 22
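
The Description attributes the flaw to missing input validation on a file name. As an added illustration (not Majordomo's code and not the fix shipped in snapshot 20110204), this Perl example shows a file lookup that confines a requested name to one base directory with both a lexical and a canonical-path check; `resolve_list_file`, the directory layout and the sample names are assumptions made for the example.

```perl
#!/usr/bin/perl
# Added example, not Majordomo code: confine a requested file name to a
# per-list file directory. Function name and paths are hypothetical.
use strict;
use warnings;
use Cwd qw(realpath);
use File::Spec;
use File::Temp qw(tempdir);
use File::Path qw(make_path);

# Returns the canonical path when $name resolves inside $base, else undef.
sub resolve_list_file {
    my ($base, $name) = @_;
    return unless defined $name && length $name;
    return if $name =~ /\0/;                           # embedded NUL byte
    return if File::Spec->file_name_is_absolute($name);
    # Lexical check: no path component may be a parent-directory specifier.
    return if grep { $_ eq '..' } split m{[/\\]+}, $name;

    # Canonical check: resolve symlinks, then confirm the result is still
    # under the base directory (catches links that point outside it).
    my $root = realpath($base);
    my $full = realpath(File::Spec->catfile($base, $name));
    return unless defined $root && defined $full;
    return unless index($full, "$root/") == 0;
    return -f $full ? $full : undef;
}

# Constructed sample tree: one list directory and one file outside it.
my $tmp  = tempdir(CLEANUP => 1);
my $base = "$tmp/lists/demo/files";
make_path($base);
for my $f ("$base/welcome.txt", "$tmp/secret.conf") {
    open my $fh, '>', $f or die "$f: $!";
    print {$fh} "sample\n";
    close $fh;
}
symlink "$tmp/secret.conf", "$base/link.txt";          # link escaping the base

# Constructed requests: one legitimate name and three that leave the base.
for my $req ('welcome.txt', '../../../secret.conf', "$tmp/secret.conf", 'link.txt') {
    my $path = resolve_list_file($base, $req);
    printf "%-24s %s\n", (File::Spec->splitdir($req))[-1],
        defined($path) ? 'served' : 'rejected';
}
```

Only `welcome.txt` is served; the relative traversal, the absolute path and the escaping symlink are each rejected by a different check.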

