Novell GroupWise Internet Agent Remote Buffer Overflow Vulnerabilities

2009.05.27
Credit: VUPEN Security Research
Risk: High
Local: No
Remote: Yes
CVE: CVE-2009-1636
CWE: CWE-119


CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

VUPEN Security Research Advisory - VUPEN-SR-2009-01 // VUPEN-SR-2009-02 Advisory URL: http://www.vupen.com/english/advisories/2009/1393 May 22, 2009 I. BACKGROUND ---------------------- Novell GroupWise is a complete collaboration software solution that provides information workers with e-mail, calendaring, instant messaging, task management, and contact and document management functions. The leading alternative to Microsoft Exchange, GroupWise has long been praised by customers and industry watchers for its security and reliability. http://www.novell.com/products/groupwise/ II. DESCRIPTION --------------------- VUPEN Security discovered two critical vulnerabilities affecting Novell GroupWise 8.x and 7.x. The first issue is caused due to a buffer overflow error in the Novell GroupWise Internet Agent (GWIA) when processing specially crafted email addresses via SMTP, which could be exploited by remote unauthenticated attackers to execute arbitrary code with SYSTEM privileges. The second vulnerability is caused due to a buffer overflow error in the Novell GroupWise Internet Agent (GWIA) when processing certain SMTP requests, which could be exploited by remote unauthenticated attackers to execute arbitrary code with SYSTEM privileges. III. AFFECTED PRODUCTS --------------------------------- Novell GroupWise version 7.03 HP2 and prior Novell GroupWise version 8.0.0 HP1 and prior IV. Exploit Codes & PoC ---------------------------- Fully functional remote code execution exploit codes have been developed by VUPEN Security and are available through the VUPEN Exploits & PoCs Service. http://www.vupen.com/exploits V. SOLUTION ------------------ For GroupWise 7.x systems, apply GroupWise 7.03 Hot Patch 3 (HP3) or later For GroupWise 8.0 systems, apply GroupWise 8.0 Hot Patch 2 (HP2) or later VI. CREDIT -------------- These vulnerabilities were discovered by Nicolas JOLY of VUPEN Security VII. REFERENCES ---------------------- http://www.vupen.com/english/advisories/2009/1393 http://www.novell.com/support/viewContent.do?externalId=7003273&sliceId= 1 http://www.novell.com/support/viewContent.do?externalId=7003272&sliceId= 1 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1636 VIII. DISCLOSURE TIMELINE ----------------------------------- 18/02/2009 - Vendor notified 18/02/2009 - Vendor response 21/05/2009 - Vendor issues fixed version 22/05/2009 - Coordinated public Disclosure

References:

https://bugzilla.novell.com/show_bug.cgi?id=482914
https://bugzilla.novell.com/show_bug.cgi?id=478892


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top