SAINT CorporationSAINT:1B86FA38D5F5380C47C405F1E5D8F316Novell GroupWise Internet Agent IMAP Service Stack Buffer Overflow
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
EPSS
Percentile
93.3%
Added: 08/03/2010
CVE: CVE-2010-2777
BID: 41704
OSVDB: 66623
Background
Novell GroupWise is an e-mail and collaboration product suite.
Problem
A buffer overflow vulnerability exists within the IMAP component of the Novell GroupWise Internet Agent service and is due to a boundary error while handling a provided mailbox name for the CREATE command. An authenticated attacker could exploit this vulnerability by sending a crafted message to the server.
Resolution
Update or apply the patch as specified in the Novell advisory.
References
<http://www.zerodayinitiative.com/advisories/ZDI-10-129>
Limitations
Exploit works on Novell GroupWise 8.0.
A valid IMAP user must be provided to the exploit script.
Platforms
Windows
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
EPSS
Percentile
93.3%