| VID | 22398 |
| Severity | 40 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | According to its banner, the remote host is running Lyris ListManager, which has an administrative command injection vulnerability in the pw parameter. Lyris ListManager is a commercial, web-based mailing list management utility written in Perl. ListManager version 8.9c and earlier allows a remote attacker to execute arbitrary list administration commands by embedding LFCR (%0A%0D) sequences in the pw parameter of a new-subscriber request sent to the subscription page of the web interface. |
| Note | This check relies solely on the banner of the remote HTTP server to assess the vulnerability, so it may be a false positive. |
| References | http://metasploit.com/research/vulns/lyris_listmanager/ ; http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0349.html ; http://www.frsirt.com/english/advisories/2005/2820 ; http://osvdb.org/21547 ; http://secunia.com/advisories/17943/ |
| Platforms Affected | Lyris Technologies, Inc., Lyris ListManager version 8.9c and earlier; any operating system, any version |
| Recommendation | Upgrade to the latest version of ListManager (8.95 or later), available from the Lyris Technologies, Inc. web site at http://www.lyris.com/products/listmanager/ |
| Related URL | CVE-2005-4142 (CVE) |
| Related URL | 15786 (SecurityFocus) |
| Related URL | 23577 (ISS) |