> Knowing that the bugtraq list used Majordomo, I asked about the > security problem on the majordomo-users mailing list. I was forwarded > a copy of an announcement that was sent to the majordomo-workers list. > > I'm not real pleased that I had to actively search for this... I think the reasoning was that people on the -users list might try to exploit it, whereas people on the -workers list are trying to plug it; just a guess though. For folks running 1.62 out of the box, here's what I think is the quickest fix (as yet unverified but implemented): cd ~majordom chmod 000 wrapper edit the following files and change occurance of "$to" or "$reply_to" to -t as stated in the note sent by John R: majordomo.cf line 21 majordomo.pl line 225 resend line 326,328 new-list 40 request-answer 40 when done, chmod 6775 wrapper Please let me know if this is insufficient. | Dan | -- Dan Simoes dans@ans.net Associate Programmer (914) 789-5378 Advanced Network & Services Elmsford, NY