[VIM] LISTSERV release notes reveal partial vuln details

Steven M. Christey coley at mitre.org
Mon Mar 6 21:08:39 EST 2006


  BUGTRAQ:20060304 Critical Risk Vulnerability in L-Soft Listserv

  SECTRACK:1015722, BID:16951, FRSIRT:ADV-2006-0824

I traipsed around some mailing list archives and found this:


A followup post yielded this:


  A number of buffer overruns were found in the WA CGI stage for all
  platforms after the release of LISTSERV 14.4. This discovery
  triggered a full code audit and overhaul of WA for LISTSERV 14.5...
  The vunerabilities were found and graciously reported by Peter
  Winter-Smith of Next Generation Security Software, Ltd.

- Steve

More information about the VIM mailing list