CA-94:11.README
Issue Date:  June 10, 1994
Date of last revision: June 9, 1995

This file is a supplement to the CERT Advisory CA-94:11, "Majordomo
vulnerabilities," of June 9, 1994.  It is updated as additional
information becomes available.


Due to limited bandwidth of the anonymous FTP server at
ftp.greatcircle.com, please use alternative sites if possible.
The FTP sites are listed below in the preferred order of use.

     A.  Recommended solution for all versions through 1.91

         Obtain and install Majordomo version 1.92, following the
         instructions in the README file included with 1.92.

|         This new version is available by anonymous FTP from:
|
|		ftp.cs.umb.edu	     /pub/rouilj/majordomo-1.92.tar.Z
|		FTP.GreatCircle.COM  /pub/majordomo/majordomo-1.92.tar.Z

                             BSD         SVR4
    File                     Checksum    Checksum    MD5 Digital Signature
    --------------------     ---------   ---------   --------------------------------
    majordomo-1.92.tar.Z     55701 223   23408 446   17d9bb9fd4872ab09d01bfeb643b5ebb

-------


Step 2 of the workaround mentioned in the advisory has been augmented.
The new version of step 2 follows:

         Step 2 -  In every place in the Majordomo code where there is a
                   string of any of these forms,
                                    
|        "|/usr/lib/sendmail -f<whatever> $to"       #majordomo.pl
         "|/usr/lib/sendmail -f<whatever> $reply_to" #request-answer
|        "|/usr/lib/sendmail -f<whatever> $reply_to $list-approval" # new-list
         "|/usr/lib/sendmail -f<whatever> \$to"      #majordomo.cf

                   Change that string to
   
                       "|/usr/lib/sendmail -f<whatever> -t"

                   Generally, you will find the strings in the request-answer
                   file, the majordomo.pl file, and your local majordomo.cf
                   file. 
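
The following shell check is an added example, not part of the advisory or
the Majordomo distribution. It lists any sendmail pipe strings that still
pass $to, \$to or $reply_to on the command line, so you can confirm Step 2
was applied everywhere. The sample file contents and the "-f$sender"
argument are constructed assumptions.

```shell
#!/bin/sh
# Added example; not from the CERT advisory or the Majordomo distribution.
# Reports sendmail pipe strings that still pass $to / \$to / $reply_to on the
# command line, i.e. the strings Step 2 says to change to "... -t".

# "|/usr/lib/sendmail -f<whatever> " followed by $to, \$to or $reply_to
UNPATCHED_RE='\|/usr/lib/sendmail -f[^"]*[[:space:]]\\?\$(to|reply_to)([^A-Za-z0-9_]|$)'

# find_unpatched FILE...  prints file:line:text for every unpatched string
find_unpatched() {
    # /dev/null forces grep to print the file name even for a single file
    grep -nE -- "$UNPATCHED_RE" "$@" /dev/null
}

# count_unpatched FILE...  prints how many lines still need the Step 2 change
count_unpatched() {
    find_unpatched "$@" | wc -l | tr -d ' '
}

# write_constructed_sample DIR  creates constructed test files (not real
# Majordomo source; "-f$sender" stands in for -f<whatever>)
write_constructed_sample() {
    cat > "$1/majordomo.pl" <<'EOF'
open(MAIL, "|/usr/lib/sendmail -f$sender $to");
EOF
    cat > "$1/request-answer" <<'EOF'
open(MAIL, "|/usr/lib/sendmail -f$sender -t");
EOF
    cat > "$1/majordomo.cf" <<'EOF'
$mailer = "|/usr/lib/sendmail -f\$sender \$to";
EOF
}

# Usage: sh check.sh majordomo.pl request-answer new-list majordomo.cf
if [ "$#" -gt 0 ]; then
    find_unpatched "$@"
fi
```

A count of 0 across request-answer, majordomo.pl, new-list and your local
majordomo.cf means no string of the listed forms remains.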


////////////////////
Added June 9, 1995
A new version of Majordomo is available from:

   ftp://ftp.greatcircle.com/pub/majordomo/majordomo-1.93.tar.Z


MD5 (majordomo-1.93.README) = 068bb343f23d3119cd196ed4222ab266
MD5 (majordomo-1.93.tar.Z)  = c589a3c3d420d68e096eafdfdac0c8aa

Please note that majordomo is no longer archived on ftp.cs.umb.edu.

////////////////////

