Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-1367

Overview

Vulnerability Score 7.8 7.8
CVE Id CVE-2003-1367
Last Modified 05 Sep 2008 04:36:45
Published 31 Dec 2003 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-1367

Summary

The which_access variable for Majordomo 2.0 through 1.94.4, and possibly earlier versions, is set to "open" by default, which allows remote attackers to identify the email addresses of members of mailing lists via a "which" command.

Vulnerable Systems

Application

  • Great Circle Associates Majordomo 1.94.4

  • Great Circle Associates Majordomo 1.94.5

  • Great Circle Associates Majordomo 2.0


References

XF - majordomo-whichaccess-email-disclosure(11243)

BID - 6761

BUGTRAQ - 20030204 Majordomo info leakage, all versions

SREASON - 3235


Last Updated: 27 May 2016 10:38:20