Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Subject: [COVERT-2000-07] LISTSERV Web Archive Remote Overflow
From: COVERT Labs (seclabsNAI.COM)
Date: Mon Jul 17 2000 - 16:32:56 CDT
- Next message: Lluis Mora: "S21SEC-003: Vulnerabilities in CommuniGate Pro v3.2.4"
- Previous message: Brian Krahmer: "Re: CheckPoint FW1 BUG"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
-----BEGIN PGP SIGNED MESSAGE-----
Network Associates, Inc.
COVERT Labs Security Advisory
July 17, 2000
LISTSERV Web Archive Remote Overflow
The L-Soft LISTSERV web archive (wa,wa.exe) component contains an
unchecked buffer allowing remote execution of arbitrary code with
the privileges of the LISTSERV daemon.
RISK FACTOR: HIGH
o Vulnerable Systems
L-Soft LISTSERV Web Archives 1.8d (confirmed) and 1.8c (inferred) for
Windows 9x, Windows NT 3.5x, Windows NT 4.0, Windows 2000, UNIX (all
vendors), and OpenVMS VAX.
o Vulnerability Information
The web archive component distributed with L-Soft LISTSERV provides
administration services for mailing lists as well as giving users
the ability to subscribe, post and search the list over the web.
By sending a long QUERY_STRING to wa or wa.exe it is possible to
overwrite the stack with user defined data allowing the execution of
arbitrary code on the remote host.
This new vulnerability differs from a previous issue addressed on the
5th May 2000 discussed at:
L-Soft has provided a patch for this issue. Please see their
advisory for more information:
This vulnerability was discovered by Barnaby Jack at the COVERT Labs
of PGP Security.
o Contact Information
For more information about the COVERT Labs at PGP Security, visit our
website at http://www.nai.com/covert or send e-mail to covertnai.com
o Legal Notice
The information contained within this advisory is Copyright (C) 2000
Networks Associates Technology Inc. It may be redistributed provided
that no fee is charged for distribution and that the advisory is not
modified in any way.
Network Associates and PGP are registered Trademarks of Network
Associates, Inc. and/or its affiliated companies in the United States
and/or other Countries. All other registered and unregistered
trademarks in this document are the sole property of their respective
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1
Comment: Crypto Provided by Network Associates <http://www.nai.com>
-----END PGP SIGNATURE-----