VID | 21852 |
Severity | 40 |
Port | 80, ... |
Protocol | TCP |
Class | CGI |
Detailed Description |
According to its version number, the remote Listserv installation is affected by multiple vulnerabilities that exist in versions prior to 14.5. L-Soft Listserv is a commercial mailing list management system that creates, manages, and controls an electronic mailing list. Listserv Lite and HPO versions prior to 14.5 are vulnerable to multiple buffer overflow vulnerabilities in the Web Archive and Administration (WA) interface CGI programs. A remote attacker could exploit these vulnerabilities to execute arbitrary code on the affected system with the privileges of the web server.
* Note: This check relies solely on the version number of the Listserv Web interface on the remote Web server to assess this vulnerability, so the result might be a false positive.
* References:
  http://www.lsoft.com/manuals/1.8e/relnotes/LISTSERV14.5-Release-Notes.html#wasecurityalert
  http://www.securityfocus.com/archive/1/426770/30/0/threaded
  http://www.ngssoftware.com/advisories/listserv_3.txt
  http://www.kb.cert.org/vuls/id/841132
  http://www.frsirt.com/english/advisories/2006/0824
  http://securitytracker.com/id?1015722
  http://secunia.com/advisories/19106
* Platforms Affected:
  L-Soft, Listserv Lite and HPO versions prior to 14.5
  Any operating system Any version |
Recommendation |
Upgrade to the latest version of Listserv Lite and HPO (14.5 or later), available from the L-Soft Listserv Download Web sites:
  http://www.lsoft.com/download/listserv.asp
  http://www.lsoft.com/download/listservlite.asp |
Related URL | CVE-2006-1044 (CVE) |
Related URL | 16951 (SecurityFocus) |
Related URL | (ISS) |