Vulnerability Details CVE-2009-1636
Multiple buffer overflows in the Internet Agent (aka GWIA) component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to execute arbitrary code via (1) a crafted e-mail address in an SMTP session or (2) an SMTP command.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.681
EPSS Ranking 98.5%
CVSS Severity
CVSS v2 Score 10.0
References
- http://osvdb.org/54644
- http://osvdb.org/54645
- http://secunia.com/advisories/35177
- http://www.novell.com/support/viewContent.do?externalId=7003272&sliceId=1
- http://www.novell.com/support/viewContent.do?externalId=7003273&sliceId=1
- http://www.securityfocus.com/archive/1/503724/100/0/threaded
- http://www.securityfocus.com/bid/35064
- http://www.securityfocus.com/bid/35065
- http://www.securitytracker.com/id?1022276
- http://www.vupen.com/english/advisories/2009/1393
- http://www.vupen.com/exploits/Novell_GroupWise_GWIA_Email_Address_Remote_Buffer_Overflow_Exploit_1393141.php
- http://www.vupen.com/exploits/Novell_GroupWise_GWIA_SMTP_Command_Remote_Buffer_Overflow_PoC_Exploit_1393140.php
- https://bugzilla.novell.com/show_bug.cgi?id=478892
- https://bugzilla.novell.com/show_bug.cgi?id=482914
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50692
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50693
- http://osvdb.org/54644
- http://osvdb.org/54645
- http://secunia.com/advisories/35177
- http://www.novell.com/support/viewContent.do?externalId=7003272&sliceId=1
- http://www.novell.com/support/viewContent.do?externalId=7003273&sliceId=1
- http://www.securityfocus.com/archive/1/503724/100/0/threaded
- http://www.securityfocus.com/bid/35064
- http://www.securityfocus.com/bid/35065
- http://www.securitytracker.com/id?1022276
- http://www.vupen.com/english/advisories/2009/1393
- http://www.vupen.com/exploits/Novell_GroupWise_GWIA_Email_Address_Remote_Buffer_Overflow_Exploit_1393141.php
- http://www.vupen.com/exploits/Novell_GroupWise_GWIA_SMTP_Command_Remote_Buffer_Overflow_PoC_Exploit_1393140.php
- https://bugzilla.novell.com/show_bug.cgi?id=478892
- https://bugzilla.novell.com/show_bug.cgi?id=482914
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50692
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50693
Products affected by CVE-2009-1636
-
cpe:2.3:a:novell:groupwise:7.0
-
cpe:2.3:a:novell:groupwise:7.0.0
-
cpe:2.3:a:novell:groupwise:7.0.2
-
cpe:2.3:a:novell:groupwise:7.0.3
-
cpe:2.3:a:novell:groupwise:7.01
-
cpe:2.3:a:novell:groupwise:7.03
-
cpe:2.3:a:novell:groupwise:8.0