Novell Groupwise WebAccess GWINTER.EXE Remote Buffer Overflow Vulnerability
BID:23556
Info
Novell Groupwise WebAccess GWINTER.EXE Remote Buffer Overflow Vulnerability
| Bugtraq ID: | 23556 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-2171 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 18 2007 12:00AM |
| Updated: | Apr 24 2007 02:00AM |
| Credit: | Tenable Network Security is credited with the discovery of this vulnerability |
| Vulnerable: |
Novell Groupwise 7.0 Novell Groupwise 7.0.0 SP1 |
| Not Vulnerable: |
Novell Groupwise 7.0.0 SP2 |
Discussion
Novell Groupwise WebAccess GWINTER.EXE Remote Buffer Overflow Vulnerability
Novell Groupwise WebAccess is prone to a remote buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
Novell Groupwise WebAccess is prone to a remote buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
Exploit / POC
Novell Groupwise WebAccess GWINTER.EXE Remote Buffer Overflow Vulnerability
An exploit is available to members of the Immunity Partner's program. This exploit is not known to be available to the public. It may be obtained from the following URI:
https://www.immunityinc.com/downloads/immpartners/groupwise_webaccess.tar
An exploit is available to members of the Immunity Partner's program. This exploit is not known to be available to the public. It may be obtained from the following URI:
https://www.immunityinc.com/downloads/immpartners/groupwise_webaccess.tar
Solution / Fix
Novell Groupwise WebAccess GWINTER.EXE Remote Buffer Overflow Vulnerability
Solution:
The vendor released an update to address this issue. Please see the references for more information.
Solution:
The vendor released an update to address this issue. Please see the references for more information.
References
Novell Groupwise WebAccess GWINTER.EXE Remote Buffer Overflow Vulnerability
References:
References: