Lucene search
SAINT CorporationSAINT:138705C17FEBFEA9DB12840AACEEFE5AHistoryApr 20, 2006 - 12:00 a.m.
Novell GroupWise Messenger Accept-Language buffer overflow
2006-04-2000:00:00
SAINT Corporation
www.saintcorporation.com
12
0.314 Low
EPSS
Percentile
96.5%
Added: 04/20/2006
CVE: CVE-2006-0992
BID: 17503
OSVDB: 24617
Background
Novell GroupWise includes the Messaging Agent which offers an HTTP service on port 8300/TCP.
Problem
A buffer overflow in the Messaging Agent allows remote attackers to execute commands by sending a long, specially crafted **Accept-Language** header in an HTTP request.
Resolution
Apply the fix referenced in Novell Technical Information Document 10100861.
References
<http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0264.html>
Limitations
Exploit works on Novell GroupWise Messenger Server 2.0.
Platforms
Windows
Related
checkpoint_advisories
checkpoint_advisories
saint
saint
Novell GroupWise Messenger Accept-Language buffer overflow
2006-04-20 00:00:00
Novell GroupWise Messenger Accept-Language buffer overflow
2006-04-20 00:00:00
Novell GroupWise Messenger Accept-Language buffer overflow
2006-04-20 00:00:00
zdi
zdi
Novell GroupWise Messenger Accept-Language Buffer Overflow Vulnerability
2006-04-13 00:00:00
canvas
canvas
Immunity Canvas: GROUPWISE_MESSENGER
2006-04-14 10:02:00
packetstorm
packetstorm
Novell Messenger Server 2.0 Accept-Language Overflow
2009-11-26 00:00:00
nessus
nessus
Novell GroupWise Messenger Accept Language Remote Overflow
2006-04-19 00:00:00
prion
prion
Stack overflow
2006-04-14 10:02:00
cve
cve
CVE-2006-0992
2006-04-14 10:02:00
CVE-2006-0092
2006-01-05 11:03:00