Lucene search

SAINT CorporationSAINT:F5F761D1DC4DE03C873DDBAB6BE84F20

HistoryJul 07, 2008 - 12:00 a.m.

Novell GroupWise Messenger HTTP response handling buffer overflow

2008-07-0700:00:00

SAINT Corporation

download.saintcorporation.com

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.906 High

EPSS

Percentile

98.5%

JSON

Added: 07/07/2008
CVE: CVE-2008-2703
BID: 29602
OSVDB: 46041

Background

GroupWise Messenger is an instant messaging client for Novell GroupWise.

Problem

Novell GroupWise is affected by a buffer overflow vulnerability which could allow command execution when the client program processes specially crafted HTTP responses.

Resolution

Upgrade to GroupWise Messenger 2.0.3 Hot Patch 1.

References

<http://secunia.com/advisories/30576>

Limitations

Exploit works on Novell GroupWise Messenger 2.0.0 and requires a user to log into the exploit server from Novell GroupWise Messenger.

Platforms

Windows

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.906 High

EPSS

Percentile

98.5%

JSON

Related for SAINT:F5F761D1DC4DE03C873DDBAB6BE84F20