Majordomo is a popular open-source e-mail list server written in Perl. A common configuration error in Majordomo's authentication system may allow remote attackers to execute administrative commands.

Majordomo authenticates list administrators with a password each time an administrative command is issued. During authentication, the supplied password is first compared to the value of the admin_password option in the list configuration file. If the two match, the administrator is authenticated and the command is executed. If not, Majordomo attempts to open a file in the lists directory with a filename in the format "listname.passwd", where "listname" is the name of the current list. The password is then read from that file.

Many Majordomo setup/installation guides instruct the user configuring Majordomo not to set a real password as the value of admin_password, but rather to assign the option the name of the file to be opened containing the password (in the list.passwd filename format). If this is done, the filename specified as the value for admin_passwd effectively becomes a valid password and can be used to authenticate an administrator. If a system has been configured this way, a remote attacker can guess the name of the file (listname.passwd) and use it as the password to successfully execute administrator commands.
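An administrator can check a lists directory for this misconfiguration with a short audit script. The following is an added example, not Majordomo's own code: it assumes list configuration files are named "listname.config" in the lists directory and use "option = value" lines, and the helper names and sample data are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumed line format "option = value"; the page spells the option both
# admin_password and admin_passwd, so either spelling is accepted.
OPTION_RE = re.compile(r"^\s*admin_pass(?:wd|word)\s*=\s*(.*?)\s*$")

def admin_password_value(config_text):
    """Return the last admin password value set in a list config, or None."""
    value = None
    for line in config_text.splitlines():
        m = OPTION_RE.match(line)  # comment lines start with '#', never match
        if m:
            value = m.group(1)
    return value

def audit_lists_dir(lists_dir):
    """Map each misconfigured list name to the reason it was flagged."""
    lists_dir = Path(lists_dir)
    findings = {}
    for cfg in sorted(lists_dir.glob("*.config")):  # assumed config naming
        listname = cfg.name[: -len(".config")]
        value = admin_password_value(cfg.read_text(errors="replace"))
        if not value:
            continue
        if value == f"{listname}.passwd":
            findings[listname] = "admin password is the guessable listname.passwd"
        elif value.endswith(".passwd") or (lists_dir / value).is_file():
            findings[listname] = "admin password looks like a filename"
    return findings

def build_sample(root):
    """Write a constructed lists directory (sample data, not from the page)."""
    root = Path(root)
    (root / "staff.config").write_text("# list config\nadmin_password = staff.passwd\n")
    (root / "staff.passwd").write_text("constructed-file-secret\n")
    (root / "dev.config").write_text("admin_password = constructed-Xq7-secret\n")
    (root / "news.config").write_text("admin_passwd = newsletter.passwd\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, reason in audit_lists_dir(build_sample(tmp)).items():
            print(f"{name}: {reason}")
```

Any list the audit reports should have the option changed to a real secret that is not a filename.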