MidnightBSD

Advisories for great_circle_associates

CVE-1999-0207 HIGH

Remote attacker can execute commands through Majordomo using the Reply-To field and a "lists" command.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
great_circle_associates majordomo 1.91
great_circle_associates majordomo 1.90
CVE-1999-0957 LOW

MajorCool mj_key_cache program allows local users to modify files via a symlink attack.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
great_circle_associates majorcool *
CVE-1999-1220 HIGH

Majordomo 1.94.3 and earlier allows remote attackers to execute arbitrary commands when the advertise or noadvertise directive is used in a configuration file, via shell metacharacters in the Reply-To header.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
great_circle_associates majordomo *
CVE-2000-0035 MEDIUM

resend command in Majordomo allows local users to gain privileges via shell metacharacters.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
great_circle_associates majordomo *
CVE-2000-0037 MEDIUM

Majordomo wrapper allows local users to gain privileges by specifying an alternate configuration file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
great_circle_associates majordomo 1.94.4
great_circle_associates majordomo 1.94.5
CVE-2003-1367 HIGH

The which_access variable for Majordomo 2.0 through 1.94.4, and possibly earlier versions, is set to "open" by default, which allows remote attackers to identify the email addresses of members of mailing lists via a "which" command.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-16,

Products Affected

Vendor Product Version
great_circle_associates majordomo 1.94.4
great_circle_associates majordomo *
great_circle_associates majordomo 1.94.5