Majordomo 2 _list_file_get() Function Traversal Arbitrary File Access
Medium Nessus Plugin ID 52000
SynopsisThe remote web server hosts a web application that contains a directory traversal vulnerability.
DescriptionThe version of Majordomo 2 on the remote host fails to sanitize input to the 'extra' parameter of the 'mj_wwwusr' script before using it to return the contents of a file.
An attacker can leverage this issue using a directory traversal sequence to view arbitrary files on the affected host within the context of the web server. Information harvested may aid in launching further attacks.
Note that this issue is also reportedly exploitable through Majordomo's email interface, although Nessus has not checked for that.
SolutionUpgrade to Majordomo 2 build 20110204 or later.