CVE-2011-0063
Description
The _list_file_get function in lib/Majordomo.pm in Majordomo 2 20110203 and earlier allows remote attackers to conduct directory traversal attacks and read arbitrary files via a ./.../ sequence in the "extra" parameter to the help command, which causes the regular expression to produce .. (dot dot) sequences. NOTE: this vulnerability is due to an incomplete fix for CVE-2011-0049.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
Majordomo2 - 'SMTP/HTTP' Directory Traversal
Metasploit modules
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| mj2 | majordomo_2 | {"endIncluding":"20110203"} | |
| mj2 | majordomo_2 | 20110101 | |
| mj2 | majordomo_2 | 20110102 | |
| mj2 | majordomo_2 | 20110103 | |
| mj2 | majordomo_2 | 20110104 | |
| mj2 | majordomo_2 | 20110105 | |
| mj2 | majordomo_2 | 20110106 | |
| mj2 | majordomo_2 | 20110107 | |
| mj2 | majordomo_2 | 20110108 | |
| mj2 | majordomo_2 | 20110109 | |
| mj2 | majordomo_2 | 20110110 | |
| mj2 | majordomo_2 | 20110111 | |
| mj2 | majordomo_2 | 20110112 | |
| mj2 | majordomo_2 | 20110113 | |
| mj2 | majordomo_2 | 20110114 | |
| mj2 | majordomo_2 | 20110115 | |
| mj2 | majordomo_2 | 20110116 | |
| mj2 | majordomo_2 | 20110117 | |
| mj2 | majordomo_2 | 20110118 | |
| mj2 | majordomo_2 | 20110119 | |
| mj2 | majordomo_2 | 20110120 | |
| mj2 | majordomo_2 | 20110121 | |
| mj2 | majordomo_2 | 20110122 | |
| mj2 | majordomo_2 | 20110123 | |
| mj2 | majordomo_2 | 20110124 | |
| mj2 | majordomo_2 | 20110125 | |
| mj2 | majordomo_2 | 20110126 | |
| mj2 | majordomo_2 | 20110127 | |
| mj2 | majordomo_2 | 20110128 | |
| mj2 | majordomo_2 | 20110129 | |
| mj2 | majordomo_2 | 20110130 | |
| mj2 | majordomo_2 | 20110131 | |
| mj2 | majordomo_2 | 20110201 | |
| mj2 | majordomo_2 | 20110202 | |
References
- http://secunia.com/advisories/43631
- http://securityreason.com/securityalert/8133
- http://sotiriu.de/adv/NSOADV-2011-003.txt
- http://www.securityfocus.com/archive/1/516923/100/0/threaded
- https://bugzilla.mozilla.org/show_bug.cgi?id=631307
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66011
- http://secunia.com/advisories/43631
- http://securityreason.com/securityalert/8133
- http://sotiriu.de/adv/NSOADV-2011-003.txt
- http://www.securityfocus.com/archive/1/516923/100/0/threaded
- https://bugzilla.mozilla.org/show_bug.cgi?id=631307
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66011
CWEs
CWE-22
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.