Lucene search

SAINT CorporationSAINT:34762A1A8B1658522F845B57A80A692E

HistoryJul 07, 2008 - 12:00 a.m.

Novell GroupWise Messenger HTTP response handling buffer overflow

2008-07-0700:00:00

SAINT Corporation

my.saintcorporation.com

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.881 High

EPSS

Percentile

98.7%

JSON

Added: 07/07/2008
CVE: CVE-2008-2703
BID: 29602
OSVDB: 46041

Background

GroupWise Messenger is an instant messaging client for Novell GroupWise.

Problem

Novell GroupWise is affected by a buffer overflow vulnerability which could allow command execution when the client program processes specially crafted HTTP responses.

Resolution

Upgrade to GroupWise Messenger 2.0.3 Hot Patch 1.

References

<http://secunia.com/advisories/30576>

Limitations

Exploit works on Novell GroupWise Messenger 2.0.0 and requires a user to log into the exploit server from Novell GroupWise Messenger.

Platforms

Windows

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.881 High

EPSS

Percentile

98.7%

JSON

Related for SAINT:34762A1A8B1658522F845B57A80A692E