Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0992

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2006-0992
Last Modified 07 Mar 2011 09:31:32
Published 14 Apr 2006 06:02:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0992

Summary

Stack-based buffer overflow in Novell GroupWise Messenger before 2.0 Public Beta 2 allows remote attackers to execute arbitrary code via a long Accept-Language value without a comma or semicolon. NOTE: due to a typo, the original ZDI advisory accidentally referenced CVE-2006-0092. This is the correct identifier.

Vulnerable Systems

Application

  • Novell Groupwise Messenger 2.0


References

MISC - http://www.zerodayinitiative.com/advisories/ZDI-06-008.html

BID - 17503

CONFIRM - http://support.novell.com/cgi-bin/search/searchtid.cgi?10100861.htm

VUPEN - ADV-2006-1355

BUGTRAQ - 20060413 ZDI-06-008: Novell GroupWise Messenger Accept-Language Buffer Overflow

XF - groupwise-accept-language-bo(25828)

OSVDB - 24617

MILW0RM - 1679

SECTRACK - 1015911

SECUNIA - 19663

MISC - http://metasploit.blogspot.com/2006/04/exploit-development-groupwise_14.html

MISC - http://cirt.dk/advisories/cirt-42-advisory.txt


Last Updated: 27 May 2016 10:41:52