-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Network Associates, Inc. COVERT Labs Security Advisory July 17, 2000 LISTSERV Web Archive Remote Overflow COVERT-2000-07
The L-Soft LISTSERV web archive (wa,wa.exe) component contains an unchecked buffer allowing remote execution of arbitrary code with the privileges of the LISTSERV daemon.
RISK FACTOR: HIGH
o Vulnerable Systems
L-Soft LISTSERV Web Archives 1.8d (confirmed) and 1.8c (inferred) for Windows 9x, Windows NT 3.5x, Windows NT 4.0, Windows 2000, UNIX (all vendors), and OpenVMS VAX.
o Vulnerability Information
The web archive component distributed with L-Soft LISTSERV provides administration services for mailing lists as well as giving users the ability to subscribe, post and search the list over the web.
By sending a long QUERY_STRING to wa or wa.exe it is possible to overwrite the stack with user defined data allowing the execution of arbitrary code on the remote host.
This new vulnerability differs from a previous issue addressed on the 5th May 2000 discussed at:
L-Soft has provided a patch for this issue. Please see their advisory for more information:
This vulnerability was discovered by Barnaby Jack at the COVERT Labs of PGP Security.
o Contact Information
For more information about the COVERT Labs at PGP Security, visit our website at http://www.nai.com/covert or send e-mail to firstname.lastname@example.org
o Legal Notice
The information contained within this advisory is Copyright (C) 2000 Networks Associates Technology Inc. It may be redistributed provided that no fee is charged for distribution and that the advisory is not modified in any way.
Network Associates and PGP are registered Trademarks of Network Associates, Inc. and/or its affiliated companies in the United States and/or other Countries. All other registered and unregistered trademarks in this document are the sole property of their respective owners.
-----BEGIN PGP SIGNATURE----- Version: PGP 6.5.1 Comment: Crypto Provided by Network Associates <http://www.nai.com>
iQA/AwUBOXN7iKF4LLqP1YESEQJJJACgvAtqCa2x7QNcc2T2bSqkRde2QkMAmwRy bTg6GICsow7f3m8/3Xg3i0Xw =EgIE -----END PGP SIGNATURE-----