MidnightBSD

Advisories for listar

CVE-2002-0467 HIGH

Buffer overflows in Ecartis (formerly Listar) 1.0.0 before snapshot 20020125 allow remote attackers to execute arbitrary code via (1) address_match() of mystring.c or (2) other functions in tolist.c.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
listar listar 0.126a
listar listar 0.127a
ecartis ecartis 1.0.0_snapshot_2002-01-21
listar listar 0.129a

CVE-2002-0468 MEDIUM

Buffer overflows in Ecartis (formerly Listar) 1.0.0 in snapshot 20020427 and earlier allow local users to gain privileges via (1) a long command line argument, which is not properly handled in core.c, or possibly via bad uses of sprintf() in (2) moderate.c, (3) lcgi.c, (4) fileapi.c, (5) cookie.c, (6) codes.c, or other files.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
ecartis ecartis 1.0.0_snapshot_2002-01-25
listar listar 0.126a
listar listar 0.127a
ecartis ecartis 1.0.0_snapshot_2002-01-21
listar listar 0.129a

CVE-2002-0469 HIGH

Ecartis (formerly Listar) 1.0.0 in snapshot 20020125 and earlier does not properly drop privileges when Ecartis is installed setuid-root, "lock-to-user" is not set, and ecartis is called by certain MTAs, which could allow local users to gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
ecartis ecartis 1.0.0_snapshot_2002-01-25
listar listar 0.126a
listar listar 0.127a
ecartis ecartis 1.0.0_snapshot_2002-01-21
listar listar 0.129a