COMMAND

    listserv

SYSTEMS AFFECTED

    L-Soft LISTSERV Web Archives 1.8x

PROBLEM

    The following is based on a Network Associates COVERT Labs
    Security Advisory.  The L-Soft LISTSERV web archive (wa, wa.exe)
    component contains an unchecked buffer allowing remote execution
    of arbitrary code with the privileges of the LISTSERV daemon.

    L-Soft LISTSERV Web Archives 1.8d (confirmed) and 1.8c (inferred)
    are vulnerable on Windows 9x, Windows NT 3.5x, Windows NT 4.0,
    Windows 2000, UNIX (all vendors), and OpenVMS VAX.

    The web archive component distributed with L-Soft LISTSERV
    provides administration services for mailing lists and gives
    users the ability to subscribe, post and search the list over the
    web.  By sending a long QUERY_STRING to wa or wa.exe, it is
    possible to overwrite the stack with user-defined data, allowing
    the execution of arbitrary code on the remote host.
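
    Added example, not part of the original advisory or of L-Soft's
    code: a Python check that scans web server access logs in Common
    Log Format for requests to wa or wa.exe carrying an unusually long
    query string.  The 512-byte threshold, the log format and the
    sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: legitimate wa query strings stay far below this; tune per site.
MAX_QUERY_LEN = 512

# Common Log Format request field: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?"')
# Script names from the advisory: wa (UNIX) and wa.exe (Windows), any directory.
WA_SCRIPT_RE = re.compile(r'(?:^|/)wa(?:\.exe)?$', re.IGNORECASE)


def oversized_wa_requests(lines, max_len=MAX_QUERY_LEN):
    """Return (client, path, query_length) for each wa/wa.exe request
    whose query string is longer than max_len."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue  # malformed or non-request line
        parts = urlsplit(m.group("target"))
        if not WA_SCRIPT_RE.search(parts.path):
            continue  # some other resource, not the web archive CGI
        if len(parts.query) > max_len:
            client = line.split(" ", 1)[0]
            hits.append((client, parts.path, len(parts.query)))
    return hits


# Constructed sample log lines (documentation addresses, filler query data).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2001:10:00:00 +0000] '
    '"GET /scripts/wa.exe?A0=EXAMPLE-L HTTP/1.0" 200 5120',
    '192.0.2.77 - - [01/Jan/2001:10:00:05 +0000] '
    '"GET /cgi-bin/wa?' + "A" * 2000 + ' HTTP/1.0" 500 0',
    '192.0.2.10 - - [01/Jan/2001:10:00:09 +0000] '
    '"GET /index.html?' + "B" * 2000 + ' HTTP/1.0" 200 300',
]

if __name__ == "__main__":
    for client, path, qlen in oversized_wa_requests(SAMPLE_LOG):
        print(f"{client} sent a {qlen}-byte query string to {path}")
```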

    This new vulnerability differs from a previous issue that was
    addressed on the 5th May 2000 and is discussed at:

        http://www.lsoft.com/news/default.asp?item=advisory0
        http://oliver.efri.hr/~crv/security/bugs/Others/lserver2.html

    This vulnerability was discovered by Barnaby Jack at the COVERT
    Labs of PGP Security.

SOLUTION

    L-Soft has provided a patch for this issue.  Please see their
    advisory for more information:

        http://www.lsoft.com/news/default.asp?item=Advisory1