Caldera Systems Security Advisory: various security problems with majordomo | Linux Today

Caldera Systems Security Advisory: various security problems with majordomo

Written By
Web Webster
Web Webster
Mar 18, 2000

Caldera Systems, Inc. Security Advisory

Subject: various security problems with majordomo
Advisory number: CSSA-2000-006.0
Issue date: 2000 March, 7
Cross reference: CSSA-1999-039.0


1. Problem Description

This advisory is a re-release of CSSA-1999-039.0, additionally
covering the OpenLinux eServer platform. Users of the OpenLinux 2.3
Desktop product do not need to take additional actions if you have
already upgraded to the inn package as update 018.

There are several bugs in majordomo that allow arbitrary users
to execute commands with the privilege of majordomo. If the
sendmail aliases file contains aliases that invoke majordomo, a
compromise of additional system accounts is possible, which may
further on lead to a root compromise. An immediate root exploit has
not been found however.

2. Vulnerable Versions

   System                       Package
   -----------------------------------------------------------
   OpenLinux Desktop 2.3        All packages previous to
                                majordomo-1.94.5-1
                                (see update 018)

   OpenLinux eServer 2.3        All packages previous to
                                majordomo-1.94.5-1

3. Solution

Workaround:

Change the group of the wrapper excutable to daemon, and turn
off world execute rights:

chgrp daemon /usr/lib/majordomo/wrapper chmod o-x


/usr/lib/majordomo/wrapper

The proper solution is to upgrade to the latest packages

rpm -U majordomo-1.94.5-1.i386.rpm

If you do not use majordomo, we recommend to remove the package
entirely using

rpm -e majordomo

4. OpenLinux Desktop 2.3

Fixed packages released with update 018

5. OpenLinux eServer 2.3

5.1 Location of Fixed Packages

The upgrade packages can be found on Caldera’s FTP site at:


ftp://ftp.calderasystems.com/pub/eServer/updates/2.3/current/RPMS/

The corresponding source code package can be found at:


ftp://ftp.calderaystems.com/pub/eServer/updates/2.3/current/SRPMS

5.2 Verification

       b4398888ab9a7d1f2fff43015483a64c  RPMS/majordomo-1.94.5-1.i386.rpm
       d04530bd2710cdd336f08677368efcae  SRPMS/majordomo-1.94.5-1.src.rpm

5.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

rpm -F majordomo-1.94.5-1.i386.rpm

6. References

This and other Caldera security resources are located at:

http://www.calderasystems.com/support/security/index.html

This security fix closes Caldera’s internal Problem Report
5615

7. Disclaimer

Caldera Systems, Inc. is not responsible for the misuse of any
of the information we provide on this website and/or through our
security advisories. Our advisories are a service to our customers
intended to promote secure installation and use of Caldera
OpenLinux.

Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.