1.94.5

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

NONE

Availability impact

NONE

network

low complexity

great-circle-associates

CWE-16

NVD

Published: 2003-12-31

Updated: 2017-07-29

Summary

The which_access variable for Majordomo 2.0 through 1.94.4, and possibly earlier versions, is set to "open" by default, which allows remote attackers to identify the email addresses of members of mailing lists via a "which" command.

Vulnerable Configurations

Part	Description	Count
Application	Great_Circle_Associates Great Circle Associates Majordomo 1.94.4 Great Circle Associates Majordomo 1.94.5 Great Circle Associates Majordomo *	3

Common Weakness Enumeration (CWE)

CWE-16 - Configuration

References

http://securityreason.com/securityalert/3235
http://www.securityfocus.com/archive/1/310113
http://www.securityfocus.com/bid/6761
https://exchange.xforce.ibmcloud.com/vulnerabilities/11243