Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0410

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2009-0410
Last Modified 04 Feb 2009 12:00:00
Published 03 Feb 2009 02:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-0410

Summary

Off-by-one error in the SMTP daemon in GroupWise Internet Agent (GWIA) in Novell GroupWise 6.5x, 7.0, 7.01, 7.02, 7.03, 7.03HP1a, and 8.0 allows remote attackers to execute arbitrary code via a long e-mail address in a malformed RCPT command, leading to a buffer overflow.

Vulnerable Systems

Application

  • Novell Groupwise 6.5

  • Novell Groupwise 7.0

  • Novell Groupwise 7.01

  • Novell Groupwise 7.02x

  • Novell Groupwise 7.03

  • Novell Groupwise 8.0


References

MISC - http://www.zerodayinitiative.com/advisories/ZDI-09-010/

CONFIRM - http://download.novell.com/Download?buildid=GjZRRdqCFW0

BID - 33560

BUGTRAQ - 20090202 ZDI-09-010: Novell Netware Groupwise GWIA RCPT Command Buffer Overflow Vulnerability

CONFIRM - http://www.novell.com/support/viewContent.do?externalId=7002502

SECUNIA - 33744


Last Updated: 27 May 2016 10:50:14