Majordomo 2 _list_file_get() Function Traversal Arbitrary File Access

Medium Nessus Plugin ID 52000

Synopsis

The remote web server hosts a web application that contains a directory traversal vulnerability.

Description

The version of Majordomo 2 on the remote host fails to sanitize input to the 'extra' parameter of the 'mj_wwwusr' script before using it to return the contents of a file.

An attacker can leverage this issue using a directory traversal sequence to view arbitrary files on the affected host within the context of the web server. Information harvested may aid in launching further attacks.

Note that this issue is also reportedly exploitable through Majordomo's email interface, although Nessus has not checked for that.

Solution

Upgrade to Majordomo 2 build 20110204 or later.

See Also

http://www.nessus.org/u?1456bb52

http://attrition.org/pipermail/vim/2011-February/002502.html

https://seclists.org/bugtraq/2011/Mar/93

Plugin Details

Severity: Medium

ID: 52000

File Name: majordomo2_dir_traversal.nasl

Version: 1.18

Type: remote

Family: CGI abuses

Published: 2011/02/16

Modified: 2018/11/15

Dependencies: 10107, 51999

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

Required KB Items: www/majordomo

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/02/04

Vulnerability Publication Date: 2011/02/02

Exploitable With

CANVAS (D2ExploitPack)

Elliot (Majordomo 2 File Disclosure)

Reference Information

CVE: CVE-2011-0049, CVE-2011-0063

BID: 46127

CERT: 363726

EDB-ID: 16103

Secunia: 43125, 43631