L-Soft Listserv SMTP Buffer Overflow Vulnerability

L-Soft Listserv SMTP Buffer Overflow Vulnerability

A buffer overrun vulnerability has been discovered in Listserv. The issue occurs when excessive data is supplied through the first,second or third argument of an 'add' command, which may be embedded in an email body. This issue occurs due to insufficient bounds checking on user-supplied input.

By exploiting this issue to overwrite an instruction pointer an attacker may gain the ability to execute arbitrary instructions. As Listserv is typically installed setgid 'mail', all commands executed by the attacker will be run with the group privileges of 'mail'.