On Thu, 26 Aug 1999 12:31:30 EDT, Listserv Admin <[log in to unmask]>  said:
>   Maybe you could be a bit more explicit?  What header is actually
> replaced with the password that could cause listserv to bypass the "real
> owner"?

If you're the list owner, I can't forge a 'PUT listname LIST' or similar.

Unless of course, I can get the entire 'PUT listname LIST PW=xyzzy' correct.

Same goes for ADD, DELETE, and any other list-owner-only operation.

Now, it's a LITTLE harder to do this *and* dissapear the Listserv reply so
that the actual list owner doesn't see it, but it's doable by a sufficiently
determined adversary (hint - the secret is a Denial Of Service attack.  Has
YOUR system been patched against things like SYN-flooding, or TCP sequence
number prediction, or any of those OTHER nasty problems? ;)

--
                                Valdis Kletnieks
                                Computer Systems Senior Engineer
                                Virginia Tech