Overview
Majordomo 2 contains a directory traversal vulnerability in the _list_file_get() function, which may allow a remote, unauthenticated attacker to obtain sensitive information.
Description
Majordomo 2 contains a directory traversal vulnerability in the _list_file_get() function (lib/Majordomo.pm) caused by an input validation error when handling files. An attacker can exploit this vulnerability via directory traversal specifiers sent in a specially crafted request to any of the application's interfaces (e.g. email or web). Additional information regarding this vulnerability can be found in this Sitewatch Advisory.
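The class of input validation error described above, shown as an added example written for this note in Python; it is not Majordomo's Perl code. The function names, directory layout and request strings are constructed for illustration.

```python
import os
import tempfile

# Hypothetical helpers for illustration; not taken from lib/Majordomo.pm.

def unsafe_path(base_dir, requested):
    """Flawed pattern: the requested name is joined to the base unchecked,
    so ".." components walk out of base_dir."""
    return os.path.normpath(os.path.join(base_dir, requested))

def resolve_list_file(base_dir, requested):
    """Return the real path of `requested` inside `base_dir`, or raise ValueError."""
    if not requested or "\x00" in requested:
        raise ValueError("empty or malformed file name")
    if os.path.isabs(requested):
        raise ValueError("absolute paths are not accepted")
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks, so the check below is made
    # against the file that would actually be opened.
    target = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, target]) != base:
        raise ValueError("path escapes the list's file directory")
    return target

def demo():
    """Run constructed requests against a throwaway directory tree."""
    requests = ("welcome", "sub/../welcome", "../../../secret",
                "/etc/hostname", "link/secret")
    results = {}
    with tempfile.TemporaryDirectory() as root:
        files_dir = os.path.join(root, "lists", "example-list", "files")
        os.makedirs(files_dir)
        open(os.path.join(files_dir, "welcome"), "w").close()
        # A symlink inside the directory that points outside it.
        os.symlink(root, os.path.join(files_dir, "link"))
        for name in requests:
            try:
                resolve_list_file(files_dir, name)
                results[name] = "allowed"
            except ValueError:
                results[name] = "rejected"
    return results

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:9} {name}")
```

The containment check runs on the resolved path, so a name that contains ".." but stays inside the directory is still served, while a symlink that leads outside is refused.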
Impact
A remote unauthenticated attacker could obtain sensitive information.
Solution
Update
Vendor Information
The vulnerability is reported in snapshots prior to 20110204.
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | | |
| Temporal | | |
| Environmental | | |
Acknowledgements
This vulnerability was reported by Michael Brooks.
This document was written by Michael Orlando.
Other Information
| CVE IDs: | CVE-2011-0049 |
| Severity Metric: | 25.20 |
| Date Public: | 2011-02-04 |
| Date First Published: | 2011-02-04 |
| Date Last Updated: | 2011-03-28 12:27 UTC |
| Document Revision: | 22 |