COMMAND

    majordomo

SYSTEMS AFFECTED

    Systems running Majordomo 1.94.1

PROBLEM

    majordomo 1.94.1  has a  bug in  that if  you disable  the "lists"
    command, you can still get a list of all the mailing lists on  the
    server  by  sending  "unsubscribe  *  <email address>" and it will
    just give  you a  bunch of  "failed to  unsubscribe from ..." once
    for each list on the server.  Credit goes to The Spectre.

SOLUTION

    Oxymoron has a patch to fix this at:

        http://www.waste.org/~oxymoron/majordomo/

    It's fixed in 1.94.3. Everyone should be aware of similar  dangers
    with the 'which' command as well.  1.94.4 (latest at time of  this
    writing) can obtained from:

        ftp://ftp.greatcircle.com/pub/majordomo/majordomo.tgz
        ftp://ftp-europe.sgi.com/other/majordomo/majordomo.tgz
        ftp://ftp.sgi.com/other/majordomo/majordomo.tgz

    Patches  can  be  found  in  the  1.94.4 subdirectory.  Here's the
    patch for 1.94.3.

    *** majordomo.unpatched Mon Jun 23 14:22:56 1997
    --- majordomo   Mon Jun 23 14:23:31 1997
    ***************
    *** 234,239 ****
    --- 234,245 ----
      # Everything from here on down is subroutine definitions

      sub do_subscribe {
    +
    +      if (! $approved && $count > 2 ) {
    +        &squawk("$sm: not approved");
    +        return 0;
    +      }
    +
          # figure out what list we are trying to subscribe to
          # and check to see if the list is valid
          local($sm) = "subscribe";