SAINT Corporation, SAINT:610B2A108454024EF5905E68674F1D30
Jun 05, 2009 - 12:00 a.m.

Novell GroupWise Internet Agent e-mail address buffer overflow

2009-06-05 00:00:00
SAINT Corporation
my.saintcorporation.com

CVSS2: 10 High (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

EPSS: 0.509 Medium
Percentile: 97.5%

Added: 06/05/2009
CVE: CVE-2009-1636
BID: 35064
OSVDB: 54645

Background

Novell GroupWise is an e-mail and collaboration product suite.

Problem

A buffer overflow vulnerability allows a remote attacker to execute arbitrary commands by sending a message containing a specially crafted e-mail address to the SMTP service.

Resolution

Apply GroupWise 7.03 Hot Patch 3 or 8.0 Hot Patch 2.

References

<http://www.novell.com/support/viewContent.do?externalId=7003273>

Limitations

Exploit works on Novell GroupWise 7.03. After running this exploit, there may be a delay before the shell connection is established.

Platforms

Windows 2000
