Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:661 |
| Message | SMTP majordomo ifs |
| Summary | This event is generated when an attempt is made to exploit a problem with Majordomo software that allows arbitrary commands to be executed on the server. |
| Impact | Attempted administrator access. This is an attempt to execute a command on a server where Majordomo is installed. |
| Detailed Information | Majordomo is an application that automates mailing list management. An input validation error allows attackers to use a malformed email header as a command that will be executed on the host. To be vulnerable, the server must use a list or a hidden list and the configuration file must specify an advertise or noadvertise option. This has been documented as either a local or remote attack on the host. |
| Affected Systems | Majordomo versions up to and including 1.94.4. |
| Attack Scenarios | An attacker can send a malformed e-mail header to the Majordomo host. The host executes a command that facilitates access to the host. |
| Ease of Attack | Simple. Use an appropriate malformed header and supply a command that enables access to the host. |
| Corrective Action | Upgrade to Majordomo version 1.94.5 or higher. |
| Additional References | Bugtraq: http://www.securityfocus.com/bid/2310 Arachnids: http://www.whitehats.com/info/IDS143 CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0207 |
| Rule References | arachnids: 143 bugtraq: 2310 cve: 1999-0207 |
--
DID:289428
--
http://www.aanval.com/