Lucene search

SAINT CorporationSAINT:5FA2DD3EBFF5613E92B8C4A95821FFDD

HistoryJun 05, 2009 - 12:00 a.m.

Novell GroupWise Internet Agent e-mail address buffer overflow

2009-06-0500:00:00

SAINT Corporation

download.saintcorporation.com

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.532 Medium

EPSS

Percentile

97.3%

JSON

Added: 06/05/2009
CVE: CVE-2009-1636
BID: 35064
OSVDB: 54645

Background

Novell GroupWise is an e-mail and collaboration product suite.

Problem

A buffer overflow vulnerability allows a remote attacker to execute arbitrary commands by sending a message containing a specially crafted e-mail address to the SMTP service.

Resolution

Apply GroupWise 7.03 Hot Patch 3 or 8.0 Hot Patch 2.

References

<http://www.novell.com/support/viewContent.do?externalId=7003273>

Limitations

Exploit works on Novell GroupWise 7.03. After running this exploit, there may be a delay before the shell connection is established.

Platforms

Windows 2000

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.532 Medium

EPSS

Percentile

97.3%

JSON

Related for SAINT:5FA2DD3EBFF5613E92B8C4A95821FFDD