Novell GroupWise Messenger Accept Language Remote Buffer Overflow Vulnerability
BID:17503
Info
Novell GroupWise Messenger Accept Language Remote Buffer Overflow Vulnerability
| Bugtraq ID: | 17503 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2006-0992 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 13 2006 12:00AM |
| Updated: | Nov 02 2007 11:56PM |
| Credit: | Discovered by CIRT.DK. |
| Vulnerable: |
Novell GroupWise Messenger 2.0 |
| Not Vulnerable: | |
Discussion
Novell GroupWise Messenger Accept Language Remote Buffer Overflow Vulnerability
Novell GroupWise Messenger is prone to a remote buffer-overflow vulnerability.
The vulnerability affects the Novell Messaging Agent component and arises when the server handles an 'Accept-Language' header containing excessive data.
A successful attack may lead to arbitrary code execution in the context of SYSTEM or superuser.
Novell GroupWise Messenger 2.0 is vulnerable to this issue.
Novell GroupWise Messenger is prone to a remote buffer-overflow vulnerability.
The vulnerability affects the Novell Messaging Agent component and arises when the server handles an 'Accept-Language' header containing excessive data.
A successful attack may lead to arbitrary code execution in the context of SYSTEM or superuser.
Novell GroupWise Messenger 2.0 is vulnerable to this issue.
Exploit / POC
Novell GroupWise Messenger Accept Language Remote Buffer Overflow Vulnerability
UPDATE: Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
Exploit code is available.
UPDATE: Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
Exploit code is available.
Solution / Fix
Novell GroupWise Messenger Accept Language Remote Buffer Overflow Vulnerability
Solution:
The vendor has released an advisory and fixes to address this issue. Please see the references for more information and fixes.
Solution:
The vendor has released an advisory and fixes to address this issue. Please see the references for more information and fixes.
References
Novell GroupWise Messenger Accept Language Remote Buffer Overflow Vulnerability
References:
References: