Lucene search

MitreCVE-2006-1044

HistoryMar 07, 2006 - 11:02 a.m.

CVE-2006-1044

2006-03-0711:02:00

mitre

web.nvd.nist.gov

cve-2006-1044

buffer overflows

listserv

remote code execution

web archive interface

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

Low

EPSS

0.254

Percentile

96.7%

JSON

Multiple buffer overflows in LISTSERV 14.3 and 14.4, including LISTSERV Lite and HPO, with the web archive interface enabled, allow remote attackers to execute arbitrary code via unknown attack vectors related to the WA CGI. NOTE: technical details will be released after the grace period has ended on 20060603.

Affected configurations

Nvd

Node

lsoftlistservMatch14.3

lsoftlistservMatch14.4

VendorProductVersionCPE
lsoftlistserv14.3cpe:2.3:a:lsoft:listserv:14.3:*:*:*:*:*:*:*
lsoftlistserv14.4cpe:2.3:a:lsoft:listserv:14.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
lsoft	listserv	14.3	cpe:2.3:a:lsoft:listserv:14.3:::::::*
lsoft	listserv	14.4	cpe:2.3:a:lsoft:listserv:14.4:::::::*

References

secunia.com/advisories/19106

securitytracker.com/id?1015722

www.kb.cert.org/vuls/id/841132

www.lsoft.com/manuals/1.8e/relnotes/LISTSERV14.5-Release-Notes.html#wasecurityalert

www.ngssoftware.com/advisories/listserv_3.txt

www.securityfocus.com/archive/1/426770/100/0/threaded

www.securityfocus.com/bid/16951

www.vupen.com/english/advisories/2006/0824

exchange.xforce.ibmcloud.com/vulnerabilities/25168

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

Low

EPSS

0.254

Percentile

96.7%

JSON

Related for CVE-2006-1044