Obtain unauthorised list of mailing lists from majordomo 1.94.1

Summary
Description: Majordomo 1.94.1 allows you to disable the 'lists' command, but people can still obtain the list of mailing lists by sending 'unsubscribe * jdoe@fairy.net' and receiving an unsubscribe failure for every list.
Author: The Spectre <spectre@NAC.NET>
Compromise: obtain unauthorised data from majordomo list server.
Vulnerable Systems: Anything running unpatched majordomo 1.94.1, possibly other versions.
Date: 23 June 1997
Details


Date: Mon, 23 Jun 1997 14:40:34 -0400
From: The Spectre <spectre@NAC.NET>
To: BUGTRAQ@NETSPACE.ORG
Subject: Bug in majordomo

X-Premail-Auth: Key matching expected Key ID CC8C66B5 not found

-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: bugtraq@netspace.org
Date: Mon Jun 23 14:43:46 1997

majordomo 1.94.1 has a bug in that if you disable the "lists" command, you
can still get a list of all the mailing lists on the server by sending
"unsubscribe * <email address>" and it will just give you a bunch of
"failed to unsubscribe from ..." once for each list on the server.

Not sure what platform(s) this occurs on, the server this happened on was
2600.com.


                   -=Start Signature=-
Goth.Code 3.1 GoCS5$ TAnFe P! B7/17Bk#1 cBk(Lb)-s6 V6s M3p1wgD
ZGoPuoMehFon!! C9oc A20+(24) n5 b54 H185 g6!??94A m@Z4? w6T v1h
r7EISP p1Z565Hm D26 h5(R) sM10M SsYw k6B N1286JONEH RzM LusNY3
          -=http://www.nac.net/~users/spectre=-
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

-----END PGP SIGNATURE-----
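
The leak described in this report, and one way to close it, as an added example: a toy Python model, not Majordomo's code and not part of the original post. It assumes the 'lists' command is disabled; the function names, list names and example.org addresses are constructed for illustration.

```python
# Toy model of a list server's unsubscribe handling; not Majordomo's code.
# All names here are hypothetical and the lists/addresses are constructed.

def sample_lists():
    """Constructed server state: list name -> set of subscriber addresses."""
    return {
        "announce": {"alice@example.org", "bob@example.org"},
        "security-team": {"carol@example.org"},
        "staff-private": {"alice@example.org"},
    }


def parse(line):
    """Split 'unsubscribe <list|*> <address>' into (list, address)."""
    parts = line.split()
    if len(parts) != 3 or parts[0].lower() != "unsubscribe":
        raise ValueError("expected: unsubscribe <list|*> <address>")
    return parts[1], parts[2].lower()


def unsubscribe_leaky(lists, line):
    """Reported behaviour: '*' expands to every list and each failure is
    reported by name, so the reply enumerates the whole server."""
    target, addr = parse(line)
    reply = []
    for name in (sorted(lists) if target == "*" else [target]):
        if addr in lists.get(name, set()):
            lists[name].discard(addr)
            reply.append(f"unsubscribed from {name}")
        else:
            reply.append(f"failed to unsubscribe from {name}")
    return reply


def unsubscribe_quiet(lists, line):
    """Hardened: only lists the address is actually on are named; every
    other outcome collapses into one reply that names no list."""
    target, addr = parse(line)
    names = sorted(lists) if target == "*" else [target]
    hits = [n for n in names if addr in lists.get(n, set())]
    for name in hits:
        lists[name].discard(addr)
    return [f"unsubscribed from {n}" for n in hits] or [
        "no matching subscription found"]


def leaked_names(lists, reply):
    """List names that appear anywhere in a reply (what the sender learns)."""
    return {n for n in lists if any(n in r for r in reply)}
```

In the hardened form the only names that can appear are lists the given address is already on, so that reply is best delivered to that address rather than to whoever sent the command.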

This page is part of Fyodor's exploit world.