Vulnerability CVE-2007-2171


Published: 2007-04-24   Modified: 2012-02-12

Description:
Stack-based buffer overflow in the base64_decode function in GWINTER.exe in Novell GroupWise (GW) WebAccess before 7.0 SP2 allows remote attackers to execute arbitrary code via long base64 content in an HTTP Basic Authentication request.

See advisories in our WLB2 database:
Topic
Author
Date
High
Novell Groupwise WebAccess Base64 Decoding Stack Overflow Vulnerability
Tenable Network ...
26.04.2007

Type:

CWE-Other

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Novell -> Groupwise 

 References:
http://download.novell.com/Download?buildid=8RF83go0nZg
~
http://download.novell.com/Download?buildid=O9ucpbS1bK0
~
http://securityreason.com/securityalert/2610
http://www.securityfocus.com/archive/1/466212/100/0/threaded
http://www.securityfocus.com/bid/23556
http://www.securitytracker.com/id?1017932
http://www.vupen.com/english/advisories/2007/1455
http://www.zerodayinitiative.com/advisories/ZDI-07-015.html

Copyright 2024, cxsecurity.com

 

Back to Top