Majordomo 2 _list_file_get() Function Traversal Arbitrary File Access

medium Nessus Plugin ID 52000

Synopsis

The remote web server hosts a web application that contains a directory traversal vulnerability.

Description

The version of Majordomo 2 on the remote host fails to sanitize input to the 'extra' parameter of the 'mj_wwwusr' script before using it to return the contents of a file.

An attacker can leverage this issue using a directory traversal sequence to view arbitrary files on the affected host within the context of the web server. Information harvested may aid in launching further attacks.

Note that this issue is also reportedly exploitable through Majordomo's email interface, although Nessus has not checked for that.

Solution

Upgrade to Majordomo 2 build 20110204 or later.

See Also

http://www.nessus.org/u?1456bb52

http://attrition.org/pipermail/vim/2011-February/002502.html

https://seclists.org/bugtraq/2011/Mar/93

Plugin Details

Severity: Medium

ID: 52000

File Name: majordomo2_dir_traversal.nasl

Version: 1.19

Type: remote

Family: CGI abuses

Published: 2/16/2011

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Required KB Items: www/majordomo

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/4/2011

Vulnerability Publication Date: 2/2/2011

Exploitable With

CANVAS (D2ExploitPack)

Elliot (Majordomo 2 File Disclosure)

Reference Information

CVE: CVE-2011-0049, CVE-2011-0063

BID: 46127

CERT: 363726

Secunia: 43125, 43631