CVE-2009-1636
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
7.7 High
AI Score
Confidence
Low
0.509 Medium
EPSS
Percentile
97.5%
Multiple buffer overflows in the Internet Agent (aka GWIA) component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to execute arbitrary code via (1) a crafted e-mail address in an SMTP session or (2) an SMTP command.
Affected configurations
References
osvdb.org/54644
osvdb.org/54645
secunia.com/advisories/35177
www.novell.com/support/viewContent.do?externalId=7003272&sliceId=1
www.novell.com/support/viewContent.do?externalId=7003273&sliceId=1
www.securityfocus.com/archive/1/503724/100/0/threaded
www.securityfocus.com/bid/35064
www.securityfocus.com/bid/35065
www.securitytracker.com/id?1022276
www.vupen.com/english/advisories/2009/1393
www.vupen.com/exploits/Novell_GroupWise_GWIA_Email_Address_Remote_Buffer_Overflow_Exploit_1393141.php
www.vupen.com/exploits/Novell_GroupWise_GWIA_SMTP_Command_Remote_Buffer_Overflow_PoC_Exploit_1393140.php
bugzilla.novell.com/show_bug.cgi?id=478892
bugzilla.novell.com/show_bug.cgi?id=482914
exchange.xforce.ibmcloud.com/vulnerabilities/50692
exchange.xforce.ibmcloud.com/vulnerabilities/50693
Related
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
7.7 High
AI Score
Confidence
Low
0.509 Medium
EPSS
Percentile
97.5%