Lyris List Manager Privilege Escalation Vulnerability

Lyris List Manager is a web-based mailing list management utility whose server-side components are written in Perl. Because of a flaw in its authorization mechanism, a mailing list subscriber using the web interface can elevate their privileges and gain access to all administrative functions. A hidden form field, "list_admin", in the HTML that subscribers receive tells the CGI software on the server running List Manager whether the current user is an administrator: it is T if they are, F if they are not. Because that value is supplied by the client, an attacker can save the generated HTML to local disk, change the field from F to T, and submit the form; the CGI then treats the request as coming from a legitimate administrator. The underlying mistake is generic: a hidden form field is client-controlled input, and an authorization decision must be derived from server-side state tied to the authenticated session, never from a value the browser echoes back.
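The pattern above, as an added illustration that is not Lyris code and not taken from the original advisory: a hypothetical CGI-style handler that trusts the hidden "list_admin" field, beside a hardened version that ignores the field and reads the role from a server-side session. The session store, session ids, form fields other than "list_admin", and the "delete_list" action are all assumptions made for the example.

```python
"""Hidden-field authorization: the flawed pattern beside a server-side fix.

Hypothetical reconstruction for illustration only; not List Manager's code.
The SESSIONS store, the session ids, the "action"/"list" fields and the
request shape are assumptions made for this example.
"""
from urllib.parse import parse_qs, urlencode

# Constructed server-side session store. The role is set at login and is
# never influenced by anything in a submitted form.
SESSIONS = {
    "sess-subscriber-1": {"user": "alice", "list_admin": False},
    "sess-admin-1": {"user": "listowner", "list_admin": True},
}


def is_admin_vulnerable(cookie_sid, body):
    """Flawed check: believes the hidden form field 'list_admin' (T/F)."""
    fields = parse_qs(body)
    return fields.get("list_admin", ["F"])[0] == "T"


def is_admin_fixed(cookie_sid, body):
    """Hardened check: role comes from the server-side session only.

    The form body is accepted as a parameter so the two checks are
    interchangeable, but nothing in it is consulted for authorization.
    """
    session = SESSIONS.get(cookie_sid)
    if session is None:
        return False
    return bool(session["list_admin"])


def subscriber_form(list_admin_flag="F"):
    """URL-encoded body a subscriber's browser would submit.

    An attacker who saved the page locally simply edits the hidden flag
    before submitting, which is what list_admin_flag="T" simulates.
    """
    return urlencode({
        "action": "delete_list",       # assumed administrative action
        "list": "announce",            # assumed list name
        "list_admin": list_admin_flag,  # the hidden field from the page
    })


def handle_admin_action(check, cookie_sid, body):
    """Dispatch an administrative request using the supplied authorization check.

    Returns "done" when the action is permitted and "forbidden" otherwise.
    """
    if check(cookie_sid, body):
        return "done"
    return "forbidden"


if __name__ == "__main__":
    tampered = subscriber_form("T")
    # A plain subscriber with a tampered form: the flawed check lets it through.
    print(handle_admin_action(is_admin_vulnerable, "sess-subscriber-1", tampered))
    # The same request against the hardened check is refused.
    print(handle_admin_action(is_admin_fixed, "sess-subscriber-1", tampered))
```

The only difference between the two checks is where the role is read from. Once the decision is keyed to the session cookie issued at login, the hidden field can be removed from the page entirely; leaving it in place as a display hint is harmless as long as nothing on the server acts on it.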


Copyright 2010, SecurityFocus