Skip Navigational Links
LISTSERV email list manager
LISTSERV - COMMUNITY.EMAILOGY.COM
LISTSERV Menu
Log In
Log In
LISTSERV 17.5 Help - LSTSRV-L Archives
LISTSERV Archives
LISTSERV Archives
Search Archives
Search Archives
Register
Register
Log In
Log In

LSTSRV-L Archives

LISTSERV Site Administrators' Forum

LSTSRV-L
Menu
LISTSERV Archives LISTSERV Archives
LSTSRV-L Home LSTSRV-L Home
Log In Log In
Register Register
Subscribe or Unsubscribe Subscribe or Unsubscribe
Search Archives Search Archives
Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Condense Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Mime-Version:
1.0
Sender:
LISTSERV site administrators' forum <[log in to unmask]>
Subject:
Re: [Fwd: High Risk Vulnerability in L-Soft's LISTSERV Server]
From:
John Kelley <[log in to unmask]>
Date:
Wed, 25 May 2005 21:42:42 -0400
In-Reply-To:
<[log in to unmask]>
Content-Type:
text/plain; charset="us-ascii"; format=flowed
Reply-To:
LISTSERV site administrators' forum <[log in to unmask]>
Parts/Attachments:
text/plain (63 lines) 
Never mind, got it.  I had to clean everything out of the folder first.

John

At 06:03 PM 5/25/2005, you wrote:
>On Wed, 25 May 2005 17:45 , Alexander Willman <[log in to unmask]> said:
>
>>Is there a vulnerability in LISTSERV versions 1.8d through 14.3 as the 
>>forwarded message below indicates?  If so, is there indeed a level set 
>>release newer than 14.3 that fixes the problem?  The LISTSERV download 
>>web site still indicates that 14.3 is the latest version.  Thanks.
>
>The latest download should include a fixed wa executable.
>
>Alan Thew
>>
>>                         Alex
>>
>>
>>-------- Original Message --------
>>Subject: High Risk Vulnerability in L-Soft's LISTSERV Server
>>Date: Wed, 25 May 2005 20:31:29 +0100
>>From: NGSSoftware Insight Security Research <[log in to unmask]>
>>To: [log in to unmask], [log in to unmask], 
>>[log in to unmask]
>>
>>Peter Winter-Smith of NGSSoftware has discovered a number of 
>>vulnerabilities in L-Soft's LISTSERV list management system. The worst of 
>>these carries a high risk rating.
>>
>>Affected versions include:
>>
>>- LISTSERV version 14.3, including LISTSERV Lite and HPO
>>- LISTSERV version 1.8e, including LISTSERV Lite and HPO
>>- LISTSERV version 1.8d, including LISTSERV Lite and HPO
>>
>>Running under Windows and Unix, and OpenVMS AXP.
>>
>>Several of the flaws in question allow remote arbitrary code execution, 
>>others allow remote denial of service.
>>
>>This issue has been resolved in the latest release of L-Soft LISTSERV 
>>(version 14.3 level set 2005a and above), which may be downloaded from:
>>
>>http://www.lsoft.com/download/listserv.asp
>>http://www.lsoft.com/download/listservlite.asp
>>
>>I (Peter Winter-Smith) would like to extend a special thanks to the 
>>support and development teams at L-Soft who were able to address these 
>>issues, from reporting to published fix, in well under a week.
>>
>>NGSSoftware are going to withhold details of this flaw for three months. 
>>Full details will be published on the 25th August 2005. This three month 
>>window will allow users of L-Soft's LISTSERV the time needed to apply the 
>>patch before the details are released to the general public. This 
>>reflects NGSSoftware's approach to responsible disclosure.
>>
>>NGSSoftware Insight Security Research
>>http://www.ngssoftware.com
>>http://www.databasesecurity.com/
>>http://www.nextgenss.com/
>>+44(0)208 401 0070

ATOM RSS1 RSS2

COMMUNITY.EMAILOGY.COM CataList Email List Search Powered by LISTSERV