Novell GroupWise Messenger Accept-Language buffer overflow

2006-04-20T00:00:00
ID SAINT:0663FDAD22F89FCA93BDCCEBE253E55E
Type saint
Reporter SAINT Corporation
Modified 2006-04-20T00:00:00

Description

Added: 04/20/2006
CVE: CVE-2006-0992
BID: 17503
OSVDB: 24617

Background

Novell GroupWise includes the Messaging Agent which offers an HTTP service on port 8300/TCP.

Problem

A buffer overflow in the Messaging Agent allows remote attackers to execute commands by sending a long, specially crafted **Accept-Language** header in an HTTP request.

Resolution

Apply the fix referenced in Novell Technical Information Document 10100861.

References

<http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0264.html>

Limitations

Exploit works on Novell GroupWise Messenger Server 2.0.

Platforms

Windows