Novell GroupWise Internet Agent e-mail address buffer overflow

2009-06-05T00:00:00
ID SAINT:610B2A108454024EF5905E68674F1D30
Type saint
Reporter SAINT Corporation
Modified 2009-06-05T00:00:00

Description

Added: 06/05/2009
CVE: CVE-2009-1636
BID: 35064
OSVDB: 54645

Background

Novell GroupWise is an e-mail and collaboration product suite.

Problem

A buffer overflow vulnerability allows a remote attacker to execute arbitrary commands by sending a message containing a specially crafted e-mail address to the SMTP service.

Resolution

Apply GroupWise 7.03 Hot Patch 3 or 8.0 Hot Patch 2.

References

<http://www.novell.com/support/viewContent.do?externalId=7003273>

Limitations

Exploit works on Novell GroupWise 7.03. After running this exploit, there may be a delay before the shell connection is established.

Platforms

Windows 2000