Re: DANGER ZONE: Internet Explorer
From: Ben Parker (bparker_at_LSOFT.COM)
Date: 12/27/03
- In reply to: http-equiv_at_excite.com: "DANGER ZONE: Internet Explorer"
Date: Fri, 26 Dec 2003 20:32:59 -0700
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
On Fri, 26 Dec 2003 17:02:24 -0000, "http-equiv@excite.com" <1@MALWARE.COM>
wrote:
>There is a small yet critical bug in the mailing list software
>called LISTSERV from http://www.lsoft.com/. A trivial yet important
>ability to effect the common so-called 'cross site scripting' [see:
>http://www.cert.org/advisories/CA-2000-02.html] 'malicious html tag
>embedding in client web requests':
A fix has been made available to correct this. Windows users only (a great
many of our customers) may now download the fixed cgi script from our FTP
site:
ftp://ftp.lsoft.com/listserv/windows/wa.exe
A revised WA cgi script for LISTSERV users running on other platforms (various
flavors of unix and openVMS) is forthcoming. Testing on 10+ operating systems
takes a while, sorry. A general public announcement about the nature of the
exposure and the fix will be made by L-Soft once testing on all platforms is
completed and the updated versions are available.
>Example:
>
[examples deleted to save space]
None of the given LISTSERV examples will work anymore (generally, a CGI
parameter error is returned). The wa.exe cgi script on all these sites (and
also on the LISTSERV.NTBUGTRAQ.COM site itself) has been updated with the
fixed build of wa.exe.
Kind Regards,
____________________________________________________________________
Ben Parker Chief Corporate Consultant bparker@lsoft.com
The Training & Consulting Group consulting@lsoft.com
L-Soft international, Inc. http://www.lsoft.com
http://www.lsoft.com/products/default.asp?item=consulting
-----
Editor's Note: The 43rd Most Powerful Person in Networking says...
Wondering as to whether the list is running? The NTBugtraq archives are updated first before messages are emailed to subscribers. Check the archives first to see if you have missed any messages;
http://www.ntbugtraq.com/archives
-----