CVE-2006-1044 - Multiple buffer overflows in LISTSERV 14.3 and 14.4, including LISTSERV Lite and HPO, with the web a

CVE-2006-1044

Summary

Multiple buffer overflows in LISTSERV 14.3 and 14.4, including LISTSERV Lite and HPO, with the web archive interface enabled, allow remote attackers to execute arbitrary code via unknown attack vectors related to the WA CGI. NOTE: technical details will be released after the grace period has ended on 20060603. This vulnerability affects L-Soft, Listserv (LITE and HPO) 14.4 and all prior versions that are installed with the web archive interface.

References

Vulnerable Configurations

cpe:2.3:a:lsoft:listserv:14.3:*:*:*:*:*:*:*
cpe:2.3:a:lsoft:listserv:14.3:*:*:*:*:*:*:*
cpe:2.3:a:lsoft:listserv:14.4:*:*:*:*:*:*:*
cpe:2.3:a:lsoft:listserv:14.4:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 18-10-2018 - 16:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	16951
bugtraq	20060304 Critical Risk Vulnerability in L-Soft Listserv
cert-vn	VU#841132
confirm	http://www.lsoft.com/manuals/1.8e/relnotes/LISTSERV14.5-Release-Notes.html#wasecurityalert
misc	http://www.ngssoftware.com/advisories/listserv_3.txt
sectrack	1015722
secunia	19106
vupen	ADV-2006-0824
xf	listserv-wa-cgi-bo(25168)

Last major update

18-10-2018 - 16:30

Published

07-03-2006 - 11:02

Last modified

18-10-2018 - 16:30