Added: 04/25/2007
CVE: CVE-2007-2171
BID: 23556
OSVDB: 35018
Novell GroupWise includes a WebAccess service which allows users to access their e-mail using a web browser.
A buffer overflow in the base64_decode function allows remote attackers to execute arbitrary commands by sending a specially crafted HTTP Basic Authentication request.
Upgrade to Groupwise 7.0 SP2 for Windows or Linux.
<http://www.zerodayinitiative.com/advisories/ZDI-07-015.html>
Exploit works on Novell GroupWise 7.0.
Windows