Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Subject: [COVERT-2000-07] LISTSERV Web Archive Remote Overflow
From: COVERT Labs (seclabsNAI.COM)
Date: Mon Jul 17 2000 - 16:32:56 CDT

Hash: SHA1


                     Network Associates, Inc.
                  COVERT Labs Security Advisory
                         July 17, 2000

               LISTSERV Web Archive Remote Overflow


o Synopsis

The L-Soft LISTSERV web archive (wa,wa.exe) component contains an
unchecked buffer allowing remote execution of arbitrary code with
the privileges of the LISTSERV daemon.


o Vulnerable Systems

L-Soft LISTSERV Web Archives 1.8d (confirmed) and 1.8c (inferred) for
Windows 9x, Windows NT 3.5x, Windows NT 4.0, Windows 2000, UNIX (all
vendors), and OpenVMS VAX.


o Vulnerability Information

The web archive component distributed with L-Soft LISTSERV provides
administration services for mailing lists as well as giving users
the ability to subscribe, post and search the list over the web.

By sending a long QUERY_STRING to wa or wa.exe it is possible to
overwrite the stack with user defined data allowing the execution of
arbitrary code on the remote host.

This new vulnerability differs from a previous issue addressed on the
5th May 2000 discussed at:



o Resolution

L-Soft has provided a patch for this issue. Please see their
advisory for more information:



o Credits

This vulnerability was discovered by Barnaby Jack at the COVERT Labs
of PGP Security.


o Contact Information

For more information about the COVERT Labs at PGP Security, visit our
website at http://www.nai.com/covert or send e-mail to covertnai.com


o Legal Notice

The information contained within this advisory is Copyright (C) 2000
Networks Associates Technology Inc. It may be redistributed provided
that no fee is charged for distribution and that the advisory is not
modified in any way.

Network Associates and PGP are registered Trademarks of Network
Associates, Inc. and/or its affiliated companies in the United States
and/or other Countries. All other registered and unregistered
trademarks in this document are the sole property of their respective


Version: PGP 6.5.1
Comment: Crypto Provided by Network Associates <http://www.nai.com>