PT-2006-2081 · L Soft+1 · Listserv Lite+2
Peter Winter-Smith
·
Published
2006-03-07
·
Updated
2018-10-18
·
CVE-2006-1044
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
LISTSERV versions 14.3 through 14.4
Description
The issue is related to multiple buffer overflows in the web archive interface of LISTSERV, including LISTSERV Lite and HPO. This allows remote attackers to execute arbitrary code via unknown attack vectors related to the WA CGI.
Recommendations
For LISTSERV versions 14.3 through 14.4, consider disabling the web archive interface until a patch is available. Restrict access to the WA CGI to minimize the risk of exploitation.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Hpo
Listserv
Listserv Lite