| VID |
21851 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The Listserv, according to its version number, has multiple vulnerabilities which exist in versions prior to 14.3-2005a. L-Soft Listserv is a commercial mailing list management system that creates, manages, and controls an electronic mailing list. Listserv Lite and Pro versions 14.3, 1.8e and 1.8d are vulnerable to several critical and as-yet unspecified vulnerabilities in the Web Archive and Administration (WA) interface CGI programs. A remote attacker could exploit these vulnerabilities to execute arbitrary code on the affected system or allow remote denial of service.
* Note: This check solely relied on the version number of Listserv Web interface on the remote Web server to assess this vulnerability, so this might be a false positive.
* References:
http://peach.ease.lsoft.com/scripts/wa.exe?A2=ind0505&L=lstsrv-l&T=0&F=&S=&P=4620
http://www.ciac.org/ciac/bulletins/p-194.shtml
http://securitytracker.com/id?1014051
http://secunia.com/advisories/15498/
* Platforms Affected:
L-Soft, Listserv Lite and Pro versions 14.3, 1.8e and 1.8d
Any operating system Any version |
| Recommendation |
Install Listserv version 14.3 level set 2005a or subsequent release, as listed in the L-Soft Security Advisory dated May 25, 2005 at http://www.lsoft.com/news/securityadvisory2005-05.asp |
| Related URL |
CVE-2005-1773 (CVE) |
| Related URL |
13768 (SecurityFocus) |
| Related URL |
20761 (ISS) |
|
