Lucene search
SAINT CorporationSAINT:D551519FA1167DB60F0F5D6505FEBEF8HistoryApr 25, 2007 - 12:00 a.m.
Novell GroupWise WebAccess base64_decode buffer overflow
2007-04-2500:00:00
SAINT Corporation
www.saintcorporation.com
11
0.946 High
EPSS
Percentile
99.3%
Added: 04/25/2007
CVE: CVE-2007-2171
BID: 23556
OSVDB: 35018
Background
Novell GroupWise includes a WebAccess service which allows users to access their e-mail using a web browser.
Problem
A buffer overflow in the base64_decode function allows remote attackers to execute arbitrary commands by sending a specially crafted HTTP Basic Authentication request.
Resolution
Upgrade to Groupwise 7.0 SP2 for Windows or Linux.
References
<http://www.zerodayinitiative.com/advisories/ZDI-07-015.html>
Limitations
Exploit works on Novell GroupWise 7.0.
Platforms
Windows
Related
canvas
canvas
Immunity Canvas: GROUPWISE_WEBACCESS
2007-04-24 20:19:00
saint
saint
Novell GroupWise WebAccess base64_decode buffer overflow
2007-04-25 00:00:00
Novell GroupWise WebAccess base64_decode buffer overflow
2007-04-25 00:00:00
Novell GroupWise WebAccess base64_decode buffer overflow
2007-04-25 00:00:00
securityvulns
securityvulns
ZDI-07-015: Novell Groupwise WebAccess Base64 Decoding Stack Overflow Vulnerability
2007-04-20 00:00:00
Novell Groupwise WebAccess buffer overflow
2007-04-20 00:00:00
prion
prion
Stack overflow
2007-04-24 20:19:00
cvelist
cvelist
CVE-2007-2171
2007-04-24 20:00:00
checkpoint_advisories
checkpoint_advisories
nessus
nessus
Novell Groupwise WebAccess GWINTER.EXE Base64 Decoding Remote Overflow
2007-04-23 00:00:00
cve
cve
CVE-2007-2171
2007-04-24 20:19:00
nvd
nvd
CVE-2007-2171
2007-04-24 20:19:00
zdi
zdi
Novell Groupwise WebAccess Base64 Decoding Stack Overflow Vulnerability
2007-04-18 00:00:00