Title: Majordomo Config-file admin_password Configuration Vulnerability
Severity: HIGH
Description:
Majordomo is a popular open-source e-mail list server written in Perl. A common configuration error in Majordomo's authentication system may allow remote attackers to execute administrative commands.
Majordomo authenticates list administrators by password each time an administrative command is issued. During authentication, the supplied password is first compared to the value of the admin_password option in the list configuration file. If the two match, the administrator is authenticated and the command is executed. If not, Majordomo attempts to open a file in the lists directory with a filename of the form "listname.passwd", where "listname" is the name of the current list, and reads the password from that file.
Many Majordomo setup/installation guides instruct the user configuring Majordomo not to set a real password as the value of admin_password, but instead to set the option to the name of the file that contains the password (in the listname.passwd format). When this is done, the filename given as the value of admin_password is itself accepted as a valid password and can be used to authenticate as an administrator.
On a system configured this way, a remote attacker can guess the name of the file (listname.passwd) and use it as the password to execute administrator commands.
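The following Python script is an added example, not code from the advisory or from Majordomo itself. It models the two-step password check described above and adds an audit function that flags list configurations whose admin_password value is the password file name rather than a secret. The file layout (<listname>.config holding "key = value" lines next to <listname>.passwd), the config syntax, and the use of the option name exactly as the advisory spells it are assumptions made for the example; the sample lists it writes are constructed.

```python
import tempfile
from pathlib import Path

# Assumed layout (not stated in the advisory): <lists_dir>/<listname>.config
# holds "key = value" lines, and <lists_dir>/<listname>.passwd may hold the
# real administrator password.


def parse_list_config(text):
    """Parse simple 'key = value' lines; blank lines and '#' comments are ignored."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        cfg[key.strip()] = value.strip()
    return cfg


def authenticate_admin(lists_dir, listname, supplied):
    """Model of the check the advisory describes: compare against admin_password
    first; on mismatch, fall back to the contents of <listname>.passwd.
    Storing the file name in admin_password therefore makes that file name a
    valid password.  An empty admin_password is treated as 'not set'."""
    lists_dir = Path(lists_dir)
    cfg = parse_list_config((lists_dir / f"{listname}.config").read_text())
    configured = cfg.get("admin_password", "")
    if configured and supplied == configured:
        return True
    passwd_file = lists_dir / f"{listname}.passwd"
    if passwd_file.is_file():
        return supplied == passwd_file.read_text().strip()
    return False


def audit_list_config(lists_dir, listname):
    """Return a list of findings for one list; an empty list means nothing was flagged."""
    lists_dir = Path(lists_dir)
    cfg = parse_list_config((lists_dir / f"{listname}.config").read_text())
    value = cfg.get("admin_password", "")
    passwd_file = lists_dir / f"{listname}.passwd"
    findings = []
    if value and (value == passwd_file.name or value == str(passwd_file)):
        findings.append(f"{listname}: admin_password is the password file name "
                        f"'{value}', which itself authenticates as administrator")
    elif value.endswith(".passwd") or "/" in value:
        findings.append(f"{listname}: admin_password '{value}' looks like a file name, not a secret")
    if not value and not passwd_file.is_file():
        findings.append(f"{listname}: no administrator password configured at all")
    return findings


def build_sample_lists(lists_dir):
    """Write two constructed lists: 'announce' follows the bad guide advice and
    stores the file name in admin_password; 'staff' leaves admin_password blank
    so only the real secret in staff.passwd is consulted."""
    lists_dir = Path(lists_dir)
    (lists_dir / "announce.config").write_text("admin_password = announce.passwd\n")
    (lists_dir / "announce.passwd").write_text("correct-horse-battery\n")
    (lists_dir / "staff.config").write_text("admin_password =\n")
    (lists_dir / "staff.passwd").write_text("another-real-secret\n")


def demo():
    """Exercise both lists and return the observations as a dict."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_lists(tmp)
        return {
            "filename_accepted_when_misconfigured": authenticate_admin(tmp, "announce", "announce.passwd"),
            "real_password_accepted": authenticate_admin(tmp, "announce", "correct-horse-battery"),
            "filename_rejected_when_fixed": authenticate_admin(tmp, "staff", "staff.passwd"),
            "fixed_real_password_accepted": authenticate_admin(tmp, "staff", "another-real-secret"),
            "findings_announce": audit_list_config(tmp, "announce"),
            "findings_staff": audit_list_config(tmp, "staff"),
        }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Running audit_list_config over every list directory on a server is the quick way to find configurations affected by this issue; the fix in this model is to leave admin_password empty (so only the .passwd file is consulted) or to set it to a real secret, never to the file name.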
Affected Products:
- Great Circle Associates Majordomo 1.94.4
- Great Circle Associates Majordomo 1.94.5
References:
- Great Circle Associates: Majordomo Homepage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.