[VIM] LISTSERV release notes reveal partial vuln details
Steven M. Christey
coley at mitre.org
Mon Mar 6 21:08:39 EST 2006
Regarding:
BUGTRAQ:20060304 Critical Risk Vulnerability in L-Soft Listserv
URL:http://www.securityfocus.com/archive/1/archive/1/426770/100/0/threaded
SECTRACK:1015722, BID:16951, FRSIRT:ADV-2006-0824
I traipsed around some mailing list archives and found this:
http://peach.ease.lsoft.com/scripts/wa.exe?A2=ind0603&L=lstsrv-l&T=0&P=1442
A followup post yielded this:
http://www.lsoft.com/manuals/1.8e/relnotes/LISTSERV14.5-Release-Notes.html#wasecurityalert
A number of buffer overruns were found in the WA CGI stage for all
platforms after the release of LISTSERV 14.4. This discovery
triggered a full code audit and overhaul of WA for LISTSERV 14.5...
The vunerabilities were found and graciously reported by Peter
Winter-Smith of Next Generation Security Software, Ltd.
- Steve
More information about the VIM
mailing list