This is a summary of the AI-generated 10-question deep analysis.
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: Majordomo 2 has a **Directory Traversal** flaw in `_list_file_get`. <br>π₯ **Consequences**: Remote attackers can **read arbitrary files** from the server. Critical data exposure risk!
Q2 Root Cause? (CWE/Flaw)
**Root Cause**: Missing input validation in `lib/Majordomo.pm`. <br>**Flaw**: The function fails to sanitize `..` (dot-dot) sequences in the **help command**, which allows path escape.
Q3 Who is affected? (Versions/Components)
**Affected**: Majordomo 2 versions **before 20110131**. <br>**Component**: `lib/Majordomo.pm` specifically. <br>**Interface**: Affects both **email processing** and the **cgi-bin/mj_wwwusr** web interface.
Q4 What can hackers do? (Privileges/Data)
**Hackers Can**: Read **any file** on the system. <br>**Data Access**: Sensitive configs, source code, passwords. <br>**Privileges**: Depends on the service user, but **remote** access is key.
Q5 Is exploitation threshold high? (Auth/Config)
**Threshold**: **LOW**. <br>**Auth**: No authentication required for remote exploitation. <br>**Vector**: Via crafted **email** or **web requests**. Easy to trigger.
Q6 Is there a public Exp? (PoC/Wild Exploitation)
**Public Exp**: **YES**. <br>**PoC**: Available on **Exploit-DB (16103)** and **Nuclei templates**. <br>**Wild Exploitation**: High risk due to simple `..` injection.
Q7 How to self-check? (Features/Scanning)
**Self-Check**: Scan for **Majordomo 2** instances. <br>**Test**: Send email with `..` in help command. <br>**Monitor**: Look for `mj_wwwusr` CGI calls with path traversal patterns.
**No Patch?**: **Mitigate** via WAF rules. <br>**Block**: Deny requests containing `..` in help parameters. <br>**Isolate**: Restrict web interface access if possible.
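The monitoring step in Q7 and the deny rule above both come down to one check: does a request to `mj_wwwusr` carry a `..` segment once percent-encoding is undone? The following is an added example, not part of the original analysis or the Majordomo project. It assumes Common Log Format access logs; the sample lines and the query parameter name `x` are constructed placeholders.

```python
import re
from urllib.parse import unquote

# Request field of a Common Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# ".." as a whole segment: bounded by start/end or a separator, so that
# harmless values such as "release..notes" do not match.
DOTDOT_RE = re.compile(r'(?:^|[/\\=&;])\.\.(?:$|[/\\&;])')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded dots (%252e) are seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_suspicious(log_line):
    """True when the line is an mj_wwwusr request containing a '..' segment."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return False
    path, _, query = fully_decode(match.group("target")).partition("?")
    if "/mj_wwwusr" not in path:
        return False
    return bool(DOTDOT_RE.search(path) or DOTDOT_RE.search(query))

def scan(lines):
    """Return the log lines that should be reviewed or blocked."""
    return [line for line in lines if is_suspicious(line)]

# Constructed sample log lines (documentation IPs, hypothetical parameter "x").
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Feb/2011:10:00:00 +0000] "GET /cgi-bin/mj_wwwusr?x=overview HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Feb/2011:10:00:05 +0000] "GET /cgi-bin/mj_wwwusr?x=../../sample HTTP/1.1" 200 2048',
    '192.0.2.12 - - [01/Feb/2011:10:00:09 +0000] "GET /cgi-bin/mj_wwwusr?x=%252e%252e%252fsample HTTP/1.1" 200 2048',
    '192.0.2.13 - - [01/Feb/2011:10:00:12 +0000] "GET /static/../index.html HTTP/1.1" 404 0',
    '192.0.2.14 - - [01/Feb/2011:10:00:15 +0000] "GET /cgi-bin/mj_wwwusr?x=release..notes HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Access logs only record the request line, so this does not cover POST bodies or the email interface; those need inspection at the WAF or in mail logs.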