Lucene search

SAINT CorporationSAINT:0663FDAD22F89FCA93BDCCEBE253E55E

HistoryApr 20, 2006 - 12:00 a.m.

Novell GroupWise Messenger Accept-Language buffer overflow

2006-04-2000:00:00

SAINT Corporation

my.saintcorporation.com

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.351 Low

EPSS

Percentile

97.0%

JSON

Added: 04/20/2006
CVE: CVE-2006-0992
BID: 17503
OSVDB: 24617

Background

Novell GroupWise includes the Messaging Agent which offers an HTTP service on port 8300/TCP.

Problem

A buffer overflow in the Messaging Agent allows remote attackers to execute commands by sending a long, specially crafted **Accept-Language** header in an HTTP request.

Resolution

Apply the fix referenced in Novell Technical Information Document 10100861.

References

<http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0264.html>

Limitations

Exploit works on Novell GroupWise Messenger Server 2.0.

Platforms

Windows

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.351 Low

EPSS

Percentile

97.0%

JSON

Related for SAINT:0663FDAD22F89FCA93BDCCEBE253E55E