exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

LISTSERV Maestro 9.0-8 Remote Code Execution

LISTSERV Maestro 9.0-8 Remote Code Execution
Posted Oct 20, 2020
Authored by b0yd | Site securifera.com

An unauthenticated remote code execution vulnerability was found in the LISTSERV Maestro software, versions 9.0-8 and below. This vulnerability stems from a known issue in struts, CVE-2010-1870, that allows for code execution via OGNL Injection. This vulnerability has been confirmed to be exploitable in both the Windows and Linux version of the software and has existed in the LISTSERV Maestro software since at least version 8.1-5. As a result, a specially crafted HTTP request can be constructed that executes code in the context of the web application. Exploitation of this vulnerability does not require authentication and can lead to root level privilege on any system running the LISTServ Maestro services.

tags | advisory, remote, web, root, code execution
systems | linux, windows
advisories | CVE-2010-1870
SHA-256 | 47ea69c299460db10d186131b9f1c65c7396d9a132d29b4816b4093286ef4a74

LISTSERV Maestro 9.0-8 Remote Code Execution

Change Mirror Download
Document Title:

===============

LISTSERV Maestro Remote Code Execution Vulnerability



References (Source):

====================

https://www.securifera.com/advisories/sec-2020-0001/

https://www.lsoft.com/products/maestro.asp



Release Date:

=============

2020-10-20



Product & Service Introduction:

===============================

LISTSERV Maestro is an enterprise email marketing solution and allows you to
easily engage your subscribers with targeted, intelligence-based opt-in
campaigns. It offers easy tracking, reporting and list segmentation in a
complete email marketing and analytics package.





Vulnerability Information:

==============================

Class: CWE-917 : Expression Language (EL) Injection

Impact: Remote Code Execution

Remotely Exploitable: Yes

Locally Exploitable: Yes

CVE Name: CVE-2010-1870



Vulnerability Description:

==============================

A unauthenticated remote code execution vulnerability was found in the
LISTSERV Maestro software, version 9.0-8 and prior. This vulnerability stems
from a known issue in struts, CVE-2010-1870, that allows for code execution
via OGNL Injection. This vulnerability has been confirmed to be exploitable
in both the Windows and Linux version of the software and has existed in the
LISTSERV Maestro software since at least version 8.1-5. As a result, a
specially crafted HTTP request can be constructed that executes code in the
context of the web application. Exploitation of this vulnerability does not
require authentication and can lead to root level privilege on any system
running the LISTServ Maestro services.



Vulnerability Disclosure Timeline:

==================================

2020-10-12: Contact Vendor and Request Security Contact Info From Support
Team

2020-10-12: Report Vulnerability Information to Vendor

2020-10-12: Vendor Confirms Submission

2020-10-13: Vendor Releases Patch

2020-10-13: Securifera Confirms With Vendor that the Patch Mitigates
CVE-2010-1870 but suggest upgrading vulnerable struts library

2020-10-15: Vendor Approves Public Disclosure





Affected Product(s):

====================

LISTSERV Maestro 9.0-8 and prior



Severity Level:

===============

High



Proof of Concept (PoC):

=======================

A proof of concept will not be provided at this time.



Solution - Fix & Patch:

=======================

Temporary patch:
https://dropbox.lsoft.us/download/LMA9.0-8-patch-2020-10-13.zip



Security Risk:

==============

The security risk of this remote code execution vulnerability is estimated
as high. (CVSS 10.0)



Credits & Authors:

==================

Securifera, Inc - b0yd (@rwincey)



Disclaimer & Information:

=========================

The information provided in this advisory is provided as it is without any
warranty. Securifera disclaims all

warranties, either expressed or implied,

including the warranties of merchantability and capability for a particular
purpose. Securifera is not liable in any

case of damage,

including direct, indirect, incidental, consequential loss of business
profits or special damages, even if Securifera

or its suppliers have been advised

of the possibility of such damages. Some states do not allow the exclusion
or limitation of liability for consequential

or incidental damages so the foregoing

limitation may not apply. We do not approve or encourage anybody to break
any licenses, policies, or hack into any

systems.



Domains: www.securifera.com

Contact: contact [at] securifera [dot] com

Social: twitter.com/securifera



Copyright C 2020 | Securifera, Inc



Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close