Lucene search

K
saintSAINT CorporationSAINT:1B86FA38D5F5380C47C405F1E5D8F316
HistoryAug 03, 2010 - 12:00 a.m.

Novell GroupWise Internet Agent IMAP Service Stack Buffer Overflow

2010-08-0300:00:00
SAINT Corporation
my.saintcorporation.com
13

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.047 Low

EPSS

Percentile

92.7%

Added: 08/03/2010
CVE: CVE-2010-2777
BID: 41704
OSVDB: 66623

Background

Novell GroupWise is an e-mail and collaboration product suite.

Problem

A buffer overflow vulnerability exists within the IMAP component of the Novell GroupWise Internet Agent service and is due to a boundary error while handling a provided mailbox name for the CREATE command. An authenticated attacker could exploit this vulnerability by sending a crafted message to the server.

Resolution

Update or apply the patch as specified in the Novell advisory.

References

<http://www.zerodayinitiative.com/advisories/ZDI-10-129&gt;

Limitations

Exploit works on Novell GroupWise 8.0.

A valid IMAP user must be provided to the exploit script.

Platforms

Windows

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.047 Low

EPSS

Percentile

92.7%

Related for SAINT:1B86FA38D5F5380C47C405F1E5D8F316