exploit the possibilities

LISTSERV Maestro 9.0-8 Remote Code Execution

LISTSERV Maestro 9.0-8 Remote Code Execution
Posted Oct 20, 2020
Authored by b0yd | Site securifera.com

An unauthenticated remote code execution vulnerability was found in the LISTSERV Maestro software, versions 9.0-8 and below. This vulnerability stems from a known issue in struts, CVE-2010-1870, that allows for code execution via OGNL Injection. This vulnerability has been confirmed to be exploitable in both the Windows and Linux version of the software and has existed in the LISTSERV Maestro software since at least version 8.1-5. As a result, a specially crafted HTTP request can be constructed that executes code in the context of the web application. Exploitation of this vulnerability does not require authentication and can lead to root level privilege on any system running the LISTServ Maestro services.

tags | advisory, remote, web, root, code execution
systems | linux, windows
advisories | CVE-2010-1870
MD5 | a3168454ee163a5555ee9cdd35609b72

LISTSERV Maestro 9.0-8 Remote Code Execution

Change Mirror Download
Document Title:

===============

LISTSERV Maestro Remote Code Execution Vulnerability



References (Source):

====================

https://www.securifera.com/advisories/sec-2020-0001/

https://www.lsoft.com/products/maestro.asp



Release Date:

=============

2020-10-20



Product & Service Introduction:

===============================

LISTSERV Maestro is an enterprise email marketing solution and allows you to
easily engage your subscribers with targeted, intelligence-based opt-in
campaigns. It offers easy tracking, reporting and list segmentation in a
complete email marketing and analytics package.





Vulnerability Information:

==============================

Class: CWE-917 : Expression Language (EL) Injection

Impact: Remote Code Execution

Remotely Exploitable: Yes

Locally Exploitable: Yes

CVE Name: CVE-2010-1870



Vulnerability Description:

==============================

A unauthenticated remote code execution vulnerability was found in the
LISTSERV Maestro software, version 9.0-8 and prior. This vulnerability stems
from a known issue in struts, CVE-2010-1870, that allows for code execution
via OGNL Injection. This vulnerability has been confirmed to be exploitable
in both the Windows and Linux version of the software and has existed in the
LISTSERV Maestro software since at least version 8.1-5. As a result, a
specially crafted HTTP request can be constructed that executes code in the
context of the web application. Exploitation of this vulnerability does not
require authentication and can lead to root level privilege on any system
running the LISTServ Maestro services.



Vulnerability Disclosure Timeline:

==================================

2020-10-12: Contact Vendor and Request Security Contact Info From Support
Team

2020-10-12: Report Vulnerability Information to Vendor

2020-10-12: Vendor Confirms Submission

2020-10-13: Vendor Releases Patch

2020-10-13: Securifera Confirms With Vendor that the Patch Mitigates
CVE-2010-1870 but suggest upgrading vulnerable struts library

2020-10-15: Vendor Approves Public Disclosure





Affected Product(s):

====================

LISTSERV Maestro 9.0-8 and prior



Severity Level:

===============

High



Proof of Concept (PoC):

=======================

A proof of concept will not be provided at this time.



Solution - Fix & Patch:

=======================

Temporary patch:
https://dropbox.lsoft.us/download/LMA9.0-8-patch-2020-10-13.zip



Security Risk:

==============

The security risk of this remote code execution vulnerability is estimated
as high. (CVSS 10.0)



Credits & Authors:

==================

Securifera, Inc - b0yd (@rwincey)



Disclaimer & Information:

=========================

The information provided in this advisory is provided as it is without any
warranty. Securifera disclaims all

warranties, either expressed or implied,

including the warranties of merchantability and capability for a particular
purpose. Securifera is not liable in any

case of damage,

including direct, indirect, incidental, consequential loss of business
profits or special damages, even if Securifera

or its suppliers have been advised

of the possibility of such damages. Some states do not allow the exclusion
or limitation of liability for consequential

or incidental damages so the foregoing

limitation may not apply. We do not approve or encourage anybody to break
any licenses, policies, or hack into any

systems.



Domains: www.securifera.com

Contact: contact [at] securifera [dot] com

Social: twitter.com/securifera



Copyright C 2020 | Securifera, Inc



Login or Register to add favorites

File Archive:

November 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    2 Files
  • 2
    Nov 2nd
    9 Files
  • 3
    Nov 3rd
    15 Files
  • 4
    Nov 4th
    90 Files
  • 5
    Nov 5th
    22 Files
  • 6
    Nov 6th
    16 Files
  • 7
    Nov 7th
    1 Files
  • 8
    Nov 8th
    1 Files
  • 9
    Nov 9th
    40 Files
  • 10
    Nov 10th
    27 Files
  • 11
    Nov 11th
    28 Files
  • 12
    Nov 12th
    13 Files
  • 13
    Nov 13th
    18 Files
  • 14
    Nov 14th
    2 Files
  • 15
    Nov 15th
    2 Files
  • 16
    Nov 16th
    29 Files
  • 17
    Nov 17th
    15 Files
  • 18
    Nov 18th
    15 Files
  • 19
    Nov 19th
    21 Files
  • 20
    Nov 20th
    16 Files
  • 21
    Nov 21st
    1 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    19 Files
  • 24
    Nov 24th
    32 Files
  • 25
    Nov 25th
    9 Files
  • 26
    Nov 26th
    11 Files
  • 27
    Nov 27th
    15 Files
  • 28
    Nov 28th
    9 Files
  • 29
    Nov 29th
    2 Files
  • 30
    Nov 30th
    17 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close