Date: Mon, 7 Oct 2002 13:50:25 +0100
From: Burhan Nazir <burhan@blueyonder.co.uk>
To: chat@freebsd.org
Subject: which <email_domain_name> - SECURITY BREACH?
Message-ID: <20021007125025.GG7713@host-123.syseng.cableinet.net>

Hello,

It seems that by sending the "which" command to majordomo, it can return a list of email addresses subscribed to all lists matching any domain name that you specify. This has huge spamming implications.

For example, by doing:

which freebsd.org

to majordomo@freebsd.org, will return a list of ALL subscribers with domain freebsd.org.

Is this a security flaw with majordomo? By disabling the "which" customers lose the ability to query which lists they are subscribed to. This seems weird?

-Burhan

--
FreeBSD 4.6.2-RELEASE * http://www.freebsd.org
1:35PM up 45 days, 23:12, 11 users, load averages: 0.00, 0.00, 0.00

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message
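
The trade-off raised in the message (leave "which" open and leak subscribers, or disable it and lose self-service lookups) has a middle option, shown here as an added example that is not part of the original message and is not Majordomo's code. It models an open substring lookup beside a lookup that only answers for the requester's own full address; the list names, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample data: list name -> subscriber addresses.
SUBSCRIBERS = {
    "example-chat": ["alice@example.org", "bob@example.net"],
    "example-security": ["alice@example.org", "carol@example.org"],
    "example-announce": ["dave@example.com"],
}


def normalize(addr):
    """Lower-case an address, extracting it from 'Name <addr>' form if needed."""
    m = re.search(r"<([^>]+)>", addr)
    return (m.group(1) if m else addr).strip().lower()


def which_open(pattern):
    """Behaviour described in the message: any substring returns every match."""
    pat = pattern.lower()
    hits = {}
    for lst, addrs in SUBSCRIBERS.items():
        found = [a for a in addrs if pat in a.lower()]
        if found:
            hits[lst] = found
    return hits


def which_restricted(sender, pattern=None):
    """Hardened policy (assumption): answer only for the sender's own address."""
    me = normalize(sender)
    # Refuse any pattern that is not exactly the requester's full address,
    # so a bare domain such as "example.org" discloses nothing.
    if pattern is not None and normalize(pattern) != me:
        return {}
    return {lst: [me] for lst, addrs in SUBSCRIBERS.items()
            if me in (normalize(a) for a in addrs)}


if __name__ == "__main__":
    print("open:      ", which_open("example.org"))
    print("restricted:", which_restricted("mallory@example.com", "example.org"))
    print("own lookup:", which_restricted("Alice <alice@example.org>"))
```

Because a mail sender address can be forged, the restricted form only holds if the reply is mailed to the same address that was looked up, so the answer reaches that address's owner and nobody else.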