CVE-2006-1044

Severity

75%

Complexity

99%

Confidentiality

106%

This vulnerability affects L-Soft, Listserv (LITE and HPO) 14.4 and all prior versions that are installed with the web archive interface.

Multiple buffer overflows in LISTSERV 14.3 and 14.4, including LISTSERV Lite and HPO, with the web archive interface enabled, allow remote attackers to execute arbitrary code via unknown attack vectors related to the WA CGI. NOTE: technical details will be released after the grace period has ended on 20060603.

This vulnerability affects L-Soft, Listserv (LITE and HPO) 14.4 and all prior versions that are installed with the web archive interface.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

L-Soft Listserv

First reported 18 years ago

2006-03-07 11:02:00

Last updated 6 years ago

2018-10-18 16:30:00

Affected Software

L-Soft Listserv 14.3

14.3

L-Soft Listserv 14.4

14.4

References

19106

1015722

Patch, Vendor Advisory

VU#841132

US Government Resource

http://www.lsoft.com/manuals/1.8e/relnotes/LISTSERV14.5-Release-Notes.html#wasecurityalert

Patch

http://www.ngssoftware.com/advisories/listserv_3.txt

20060304 Critical Risk Vulnerability in L-Soft Listserv

16951

Patch

ADV-2006-0824

listserv-wa-cgi-bo(25168)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.