exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

LISTSERV Maestro 9.0-8 Remote Code Execution

LISTSERV Maestro 9.0-8 Remote Code Execution
Posted Oct 20, 2020
Authored by b0yd | Site securifera.com

An unauthenticated remote code execution vulnerability was found in the LISTSERV Maestro software, versions 9.0-8 and below. This vulnerability stems from a known issue in struts, CVE-2010-1870, that allows for code execution via OGNL Injection. This vulnerability has been confirmed to be exploitable in both the Windows and Linux version of the software and has existed in the LISTSERV Maestro software since at least version 8.1-5. As a result, a specially crafted HTTP request can be constructed that executes code in the context of the web application. Exploitation of this vulnerability does not require authentication and can lead to root level privilege on any system running the LISTServ Maestro services.

tags | advisory, remote, web, root, code execution
systems | linux, windows
advisories | CVE-2010-1870
SHA-256 | 47ea69c299460db10d186131b9f1c65c7396d9a132d29b4816b4093286ef4a74

LISTSERV Maestro 9.0-8 Remote Code Execution

Change Mirror Download
Document Title:

===============

LISTSERV Maestro Remote Code Execution Vulnerability



References (Source):

====================

https://www.securifera.com/advisories/sec-2020-0001/

https://www.lsoft.com/products/maestro.asp



Release Date:

=============

2020-10-20



Product & Service Introduction:

===============================

LISTSERV Maestro is an enterprise email marketing solution and allows you to
easily engage your subscribers with targeted, intelligence-based opt-in
campaigns. It offers easy tracking, reporting and list segmentation in a
complete email marketing and analytics package.





Vulnerability Information:

==============================

Class: CWE-917 : Expression Language (EL) Injection

Impact: Remote Code Execution

Remotely Exploitable: Yes

Locally Exploitable: Yes

CVE Name: CVE-2010-1870



Vulnerability Description:

==============================

A unauthenticated remote code execution vulnerability was found in the
LISTSERV Maestro software, version 9.0-8 and prior. This vulnerability stems
from a known issue in struts, CVE-2010-1870, that allows for code execution
via OGNL Injection. This vulnerability has been confirmed to be exploitable
in both the Windows and Linux version of the software and has existed in the
LISTSERV Maestro software since at least version 8.1-5. As a result, a
specially crafted HTTP request can be constructed that executes code in the
context of the web application. Exploitation of this vulnerability does not
require authentication and can lead to root level privilege on any system
running the LISTServ Maestro services.



Vulnerability Disclosure Timeline:

==================================

2020-10-12: Contact Vendor and Request Security Contact Info From Support
Team

2020-10-12: Report Vulnerability Information to Vendor

2020-10-12: Vendor Confirms Submission

2020-10-13: Vendor Releases Patch

2020-10-13: Securifera Confirms With Vendor that the Patch Mitigates
CVE-2010-1870 but suggest upgrading vulnerable struts library

2020-10-15: Vendor Approves Public Disclosure





Affected Product(s):

====================

LISTSERV Maestro 9.0-8 and prior



Severity Level:

===============

High



Proof of Concept (PoC):

=======================

A proof of concept will not be provided at this time.



Solution - Fix & Patch:

=======================

Temporary patch:
https://dropbox.lsoft.us/download/LMA9.0-8-patch-2020-10-13.zip



Security Risk:

==============

The security risk of this remote code execution vulnerability is estimated
as high. (CVSS 10.0)



Credits & Authors:

==================

Securifera, Inc - b0yd (@rwincey)



Disclaimer & Information:

=========================

The information provided in this advisory is provided as it is without any
warranty. Securifera disclaims all

warranties, either expressed or implied,

including the warranties of merchantability and capability for a particular
purpose. Securifera is not liable in any

case of damage,

including direct, indirect, incidental, consequential loss of business
profits or special damages, even if Securifera

or its suppliers have been advised

of the possibility of such damages. Some states do not allow the exclusion
or limitation of liability for consequential

or incidental damages so the foregoing

limitation may not apply. We do not approve or encourage anybody to break
any licenses, policies, or hack into any

systems.



Domains: www.securifera.com

Contact: contact [at] securifera [dot] com

Social: twitter.com/securifera



Copyright C 2020 | Securifera, Inc



Login or Register to add favorites

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close