[VIM] LISTSERV release notes reveal partial vuln details
Steven M. Christey
coley at mitre.org
Mon Mar 6 21:08:39 EST 2006
BUGTRAQ:20060304 Critical Risk Vulnerability in L-Soft Listserv
SECTRACK:1015722, BID:16951, FRSIRT:ADV-2006-0824
I traipsed around some mailing list archives and found this:
A followup post yielded this:
A number of buffer overruns were found in the WA CGI stage for all
platforms after the release of LISTSERV 14.4. This discovery
triggered a full code audit and overhaul of WA for LISTSERV 14.5...
The vunerabilities were found and graciously reported by Peter
Winter-Smith of Next Generation Security Software, Ltd.
More information about the VIM