Title: L-Soft Listserv SMTP Buffer Overflow Vulnerability
Severity: HIGH
Description:
Listserv is a publicly available multi-platform application used to manage mailing lists.
A buffer overrun vulnerability has been discovered in Listserv. The issue occurs when excessive data (more than 256 bytes) is supplied as the first, second or third argument of an 'add' command, which may be embedded in an email body. The cause is insufficient bounds checking on user-supplied input.
By exploiting this issue to overwrite an instruction pointer, an attacker may gain the ability to execute arbitrary instructions. As Listserv is typically installed setgid 'mail', all commands executed by the attacker will run with the group privileges of 'mail'. If this vulnerability is successfully exploited, the attacker may then exploit underlying local vulnerabilities to escalate privileges.
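A mail-gateway check for the condition described above, as an added example that is not part of the original advisory or of Listserv: it flags message bodies containing an 'add' command whose first, second or third argument exceeds 256 bytes. The function names, the sample message and the assumption that a command is the first whitespace-separated token on a line are illustrative.

```python
import email

MAX_ARG_BYTES = 256   # threshold stated in the advisory
CHECKED_ARGS = 3      # first, second and third argument of 'add'


def oversized_add_args(body: bytes):
    """Return (line_no, arg_index, byte_len) for each 'add' argument over the limit."""
    findings = []
    for line_no, line in enumerate(body.splitlines(), start=1):
        tokens = line.split()
        # Assumption: the command is the first token on the line, case-insensitive.
        if not tokens or tokens[0].lower() != b"add":
            continue
        for idx, arg in enumerate(tokens[1:1 + CHECKED_ARGS], start=1):
            if len(arg) > MAX_ARG_BYTES:
                findings.append((line_no, idx, len(arg)))
    return findings


def scan_message(raw: bytes):
    """Scan every text part of a raw RFC 5322 message for oversized 'add' arguments."""
    msg = email.message_from_bytes(raw)
    findings = []
    for part in msg.walk():
        if part.is_multipart() or part.get_content_maintype() != "text":
            continue
        # decode=True undoes base64 / quoted-printable so lengths are measured
        # on the bytes a command processor would actually parse.
        payload = part.get_payload(decode=True) or b""
        findings.extend(oversized_add_args(payload))
    return findings


# Constructed sample message (addresses and list name are placeholders).
SAMPLE = (
    b"From: user@example.org\r\n"
    b"To: listserv@lists.example.org\r\n"
    b"Subject: commands\r\n"
    b"\r\n"
    b"add test-l user@example.org Example User\r\n"
    b"ADD test-l " + b"A" * 300 + b" Example\r\n"
)

if __name__ == "__main__":
    for line_no, idx, size in scan_message(SAMPLE):
        print(f"body line {line_no}: 'add' argument {idx} is {size} bytes")
```

A gateway would quarantine or reject any message for which `scan_message` returns a non-empty list before it reaches the Listserv address.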
Affected Products:
- L-Soft Listserv 1.8.0c
References:
- L-Soft: Listserv Product Home Page
- PLaGuEZ <root@meat.plaguez.org>: Listserv buffer overflow