Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-2356

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2009-2356
Last Modified 09 Jul 2009 12:00:00
Published 07 Jul 2009 07:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-2356

Summary

Multiple stack-based buffer overflows in the pgsqlQuery function in NullLogic Groupware 1.2.7, when PostgreSQL is used, might allow remote attackers to execute arbitrary code via input to the (1) POP3, (2) SMTP, or (3) web component that triggers a long SQL query.

Vulnerable Systems

Application

  • Dan Cahill Nulllogic Groupware 1.2.7


References

VUPEN - ADV-2009-1817

BUGTRAQ - 20090706 High security hole in NullLogic Groupware

MISC - http://www.nth-dimension.org.uk/utils/get.php?downloadsid=55


Last Updated: 27 May 2016 10:50:52