5279594 2000-07-18 08:15 /111 lines/ Postmaster
Recipient: Bugtraq (import) <11770>
Subject: [COVERT-2000-07] LISTSERV Web Archive Remote Overflow
------------------------------------------------------------
Approved-By: aleph1@SECURITYFOCUS.COM
Delivered-To: bugtraq@lists.securityfocus.com
Delivered-To: bugtraq@securityfocus.com
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4
Message-ID: <000001bff036$94fea5c0$bb3945a1@jmagdych.na.nai.com>
Date: Mon, 17 Jul 2000 14:32:56 -0700
Reply-To: seclabs@nai.com
Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
From: COVERT Labs <seclabs@nai.com>
To: BUGTRAQ@SECURITYFOCUS.COM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_____________________________________________________________________

                       Network Associates, Inc.
                    COVERT Labs Security Advisory
                            July 17, 2000

                 LISTSERV Web Archive Remote Overflow

                            COVERT-2000-07
______________________________________________________________________

o Synopsis

The L-Soft LISTSERV web archive (wa, wa.exe) component contains an
unchecked buffer allowing remote execution of arbitrary code with the
privileges of the LISTSERV daemon.

RISK FACTOR: HIGH
______________________________________________________________________

o Vulnerable Systems

L-Soft LISTSERV Web Archives 1.8d (confirmed) and 1.8c (inferred) for
Windows 9x, Windows NT 3.5x, Windows NT 4.0, Windows 2000, UNIX (all
vendors), and OpenVMS VAX.
______________________________________________________________________

o Vulnerability Information

The web archive component distributed with L-Soft LISTSERV provides
administration services for mailing lists as well as giving users the
ability to subscribe, post and search the list over the web.

By sending a long QUERY_STRING to wa or wa.exe it is possible to
overwrite the stack with user defined data allowing the execution of
arbitrary code on the remote host.

This new vulnerability differs from a previous issue addressed on the
5th May 2000 discussed at:

http://www.lsoft.com/news/default.asp?item=advisory0
______________________________________________________________________

o Resolution

L-Soft has provided a patch for this issue. Please see their
advisory for more information:

http://www.lsoft.com/news/default.asp?item=Advisory1
______________________________________________________________________

o Credits

This vulnerability was discovered by Barnaby Jack at the COVERT Labs
of PGP Security.
______________________________________________________________________

o Contact Information

For more information about the COVERT Labs at PGP Security, visit our
website at http://www.nai.com/covert or send e-mail to covert@nai.com
______________________________________________________________________

o Legal Notice

The information contained within this advisory is Copyright (C) 2000
Networks Associates Technology Inc. It may be redistributed provided
that no fee is charged for distribution and that the advisory is not
modified in any way.

Network Associates and PGP are registered Trademarks of Network
Associates, Inc. and/or its affiliated companies in the United States
and/or other Countries. All other registered and unregistered
trademarks in this document are the sole property of their respective
owners.
______________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1
Comment: Crypto Provided by Network Associates <http://www.nai.com>

iQA/AwUBOXN7iKF4LLqP1YESEQJJJACgvAtqCa2x7QNcc2T2bSqkRde2QkMAmwRy
bTg6GICsow7f3m8/3Xg3i0Xw
=EgIE
-----END PGP SIGNATURE-----
(5279594) ------------------------------------------
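
Added example, not part of the advisory and not L-Soft code: a sketch of how a CGI program can take QUERY_STRING into a fixed-size buffer without the unchecked copy described under "Vulnerability Information". The names copy_query and QUERY_MAX, the 256-byte limit and the 400 response are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define QUERY_MAX 256   /* assumed limit for this sketch */

/* The unsafe pattern, shown for contrast only (never compiled here):
 *     char buf[QUERY_MAX];
 *     strcpy(buf, getenv("QUERY_STRING"));    -- no length check
 * Any query longer than the buffer runs past it on the stack.
 */

/* Copy query into dst (capacity dst_size bytes, including the NUL).
 * Returns 0 on success. Returns -1 if query is missing or does not
 * fit; in that case dst is left as an empty string and nothing is
 * truncated or partially copied. */
int copy_query(const char *query, char *dst, size_t dst_size)
{
    const char *end;
    size_t len;

    if (dst == NULL || dst_size == 0)
        return -1;
    dst[0] = '\0';
    if (query == NULL)
        return -1;

    /* Look for the terminator within the first dst_size bytes only. */
    end = memchr(query, '\0', dst_size);
    if (end == NULL)
        return -1;              /* too long: reject, do not truncate */

    len = (size_t)(end - query);
    memcpy(dst, query, len + 1);
    return 0;
}

int main(void)
{
    char buf[QUERY_MAX];

    if (copy_query(getenv("QUERY_STRING"), buf, sizeof buf) != 0) {
        fputs("Status: 400 Bad Request\r\n"
              "Content-Type: text/plain\r\n\r\nrejected\n", stdout);
        return 0;
    }
    printf("Content-Type: text/plain\r\n\r\nquery length: %lu\n",
           (unsigned long)strlen(buf));
    return 0;
}
```

Rejecting an oversized query outright, rather than truncating it, keeps later parsing from acting on a partial parameter.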