Type securityvulns
Reporter Securityvulns
Modified 2000-07-19T00:00:00



                 Network Associates, Inc.
              COVERT Labs Security Advisory
                     July 17, 2000

           LISTSERV Web Archive Remote Overflow


o Synopsis

The L-Soft LISTSERV web archive (wa,wa.exe) component contains an unchecked buffer allowing remote execution of arbitrary code with the privileges of the LISTSERV daemon.


o Vulnerable Systems

L-Soft LISTSERV Web Archives 1.8d (confirmed) and 1.8c (inferred) for Windows 9x, Windows NT 3.5x, Windows NT 4.0, Windows 2000, UNIX (all vendors), and OpenVMS VAX.

o Vulnerability Information

The web archive component distributed with L-Soft LISTSERV provides administration services for mailing lists as well as giving users the ability to subscribe, post and search the list over the web.

By sending a long QUERY_STRING to wa or wa.exe it is possible to overwrite the stack with user defined data allowing the execution of arbitrary code on the remote host.

This new vulnerability differs from a previous issue addressed on the 5th May 2000 discussed at:

o Resolution

L-Soft has provided a patch for this issue. Please see their advisory for more information:

o Credits

This vulnerability was discovered by Barnaby Jack at the COVERT Labs of PGP Security.

o Contact Information

For more information about the COVERT Labs at PGP Security, visit our website at or send e-mail to

o Legal Notice

The information contained within this advisory is Copyright (C) 2000 Networks Associates Technology Inc. It may be redistributed provided that no fee is charged for distribution and that the advisory is not modified in any way.

Network Associates and PGP are registered Trademarks of Network Associates, Inc. and/or its affiliated companies in the United States and/or other Countries. All other registered and unregistered trademarks in this document are the sole property of their respective owners.

-----BEGIN PGP SIGNATURE----- Version: PGP 6.5.1 Comment: Crypto Provided by Network Associates <>

iQA/AwUBOXN7iKF4LLqP1YESEQJJJACgvAtqCa2x7QNcc2T2bSqkRde2QkMAmwRy bTg6GICsow7f3m8/3Xg3i0Xw =EgIE -----END PGP SIGNATURE-----