Any user on a system running majordomo can append arbitrary data to any file owned by the majordomo account.
Those running majordomo. This runs on a ton of systems (Solaris, Linux, IRIX, etc.).
26 March 1998
Date: Thu, 26 Mar 1998 15:03:28 -0600
From: Karl G - NOC Admin <email@example.com>
Subject: Majordomo /tmp exploit
Majordomo allows appending to any file owned by the majordomo user/group.
create a symlink in /tmp to any majordomo file
ex: ln -s /usr/lib/majordomo/majordomo /tmp/majordomo.debug
send a message with any emailer to majordomo with a "/" in the return
address. (i tested with Winbloze Internet Mail)
the owner of majordomo will receive the below message... from then on,
majordomo will be inoperable. (if the above symlink is used) Majordomo
keeps a debug log and appends to it every time it crashes with out
checking ownerships of the symlinks.. or for that matter for symlinks at
Subject: MAJORDOMO ABORT (mj_majordomo)
MAJORDOMO ABORT (mj_majordomo)!!
HOSTILE ADDRESS (no x400 c=) firstname.lastname@example.org
should the wrapper not check for such things?
TQG Internet Network
The master index of all exploits is available
here (Very large file)
Or you can pick your favorite operating system:
This page is part of Fyodor's exploit
For a free program to automate scanning your network for vulnerable
hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resouces: