Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:661 |
Message | SMTP majordomo ifs |
Summary | This event is generated when an attempt is made to exploit a problem with Majordomo software that allows arbitrary commands to be executed on the server. |
Impact | Attempted administrator access. This is an attempt to execute a command on a server where Majordomo is installed. |
Detailed Information | Majordomo is an application that automates mailing list management. An input validation error allows attackers to use a malformed email header as a command that will be executed on the host. To be vulnerable, the server must use a list or a hidden list and the configuration file must specify an advertise or noadvertise option. This has been documented as either a local or remote attack on the host. |
Affected Systems | Majordomo versions up to and including 1.94.4. |
Attack Scenarios | An attacker can send a malformed e-mail header to the Majordomo host. The host executes a command that facilitates access to the host. |
Ease of Attack | Simple. Use an appropriate malformed header and supply a command that enables access to the host. |
Corrective Action | Upgrade to Majordomo version 1.94.5 or higher. |
Additional References | Bugtraq: http://www.securityfocus.com/bid/2310; Arachnids: http://www.whitehats.com/info/IDS143; CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0207 |
Rule References | arachnids: 143; bugtraq: 2310; cve: 1999-0207 |
--
DID:289428