Lucene search

K
saintSAINT CorporationSAINT:D99B3CE84051AC8A430676DA709CF4FC
HistoryJun 05, 2009 - 12:00 a.m.

Novell GroupWise Internet Agent e-mail address buffer overflow

2009-06-0500:00:00
SAINT Corporation
download.saintcorporation.com
10

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.509 Medium

EPSS

Percentile

97.5%

Added: 06/05/2009
CVE: CVE-2009-1636
BID: 35064
OSVDB: 54645

Background

Novell GroupWise is an e-mail and collaboration product suite.

Problem

A buffer overflow vulnerability allows a remote attacker to execute arbitrary commands by sending a message containing a specially crafted e-mail address to the SMTP service.

Resolution

Apply GroupWise 7.03 Hot Patch 3 or 8.0 Hot Patch 2.

References

<http://www.novell.com/support/viewContent.do?externalId=7003273&gt;

Limitations

Exploit works on Novell GroupWise 7.03. After running this exploit, there may be a delay before the shell connection is established.

Platforms

Windows 2000

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.509 Medium

EPSS

Percentile

97.5%

Related for SAINT:D99B3CE84051AC8A430676DA709CF4FC