ezmlm-idx Arbitrary Command...

- AV AC AU C I A
发布: 1980-12-05
修订: 2020-04-23

ezmlm-idx is a mailing list manager addon to ezmlm, designed to allow archival, digesting, and remote administration. The package is specifically designed for use with the qmail MTA, and is written by Fred Lindberg and Fred B. Ringel. A problem exists which could allow a user to arbitrarily execute code. The problem occurs in the ezmlm-cgi portion of the package. The recommended installation of ezmlm-cgi is as suid root, although this is deviated from frequently. After installing the program setuid to a user other than root, the program, when launched, will attempted to read it's configuration file from the current working directory, vice the default /etc/ezmlm/ directory. This makes it possible for a malicious user to arbitrarily execute commands with the privileges inherited by ezmlm-cgi.

0%
当前有1条漏洞利用/PoC
产品及版本信息(CPE)暂不可用