ezmlm-idx Arbitrary Command Execution Vulnerability

ezmlm-idx is a mailing list manager addon to ezmlm, designed to allow archival, digesting, and remote administration. The package is specifically designed for use with the qmail MTA, and is written by Fred Lindberg and Fred B. Ringel. A problem exists which could allow a user to arbitrarily execute code.

The problem occurs in the ezmlm-cgi portion of the package. The recommended installation of ezmlm-cgi is as suid root, although this is deviated from frequently. After installing the program setuid to a user other than root, the program, when launched, will attempted to read it's configuration file from the current working directory, vice the default /etc/ezmlm/ directory. This makes it possible for a malicious user to arbitrarily execute commands with the privileges inherited by ezmlm-cgi.


Privacy Statement
Copyright 2010, SecurityFocus