SMTP: Majordomo Command Execution
This signature detects attempts to exploit a known vulnerability against Great Circle Associates Majordomo, a perl-based Internet email list server. When processing a list command, Majordomo compares the "reply to" email address again the advertise/noadvertise lists (if configured). During this comparison, attackers can trick Majordomo into executing commands when it expands the back-tick operator (used by UNIX to enclose executable commands in a shell command line). Attackers can use this back-tick operator in the "reply to" email header to execute arbitrary commands on the server.
Extended Description
Majordomo is a perl-based Internet e-mail list server. Versions prior to 1.91 are vulnerable to an attack whereby specially crafted e-mail headers are incorrectly processed, yielding the ability to execute arbitrary commands with the privileges of Majordomo. This is possible only when "advertise" or "noadvertise" directives are specified in the configuration files.
Affected Products
Great_circle_associates majordomo
Short Name
SMTP:MAJORDOMO:COMMAND-EXEC
Severity
Major
Recommended
False
Recommended Action
Drop
Category
SMTP
Keywords
CVE-1999-0207 Command Execution Majordomo bid:2310
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Great_circle_associates
CVSS Score
7.5