|
|
|||
| Rule General Information |
|---|
| Release Date: | 2021-03-26 | |
| Rule Name: | Novell Groupwise Internet Agent RCPT Command Buffer Overflow Vulnerability (CVE-2009-0410) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | There exists a stack buffer overflow vulnerability in the Novell GroupWise. The vulnerability is due to a boundary error while processing specially crafted SMTP request. Remote attackers can exploit this vulnerability to execute arbitrary code on the target server. In an attack case where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute with the security privileges of the server. In an attack case where code injection is not successful, the affected process will terminate abnormally. | |
| Impact: | A buffer overflow vulnerability can be triggered by an attacker in the context of the vulnerable product. Further attacks includes arbitrary code execution and denial of service. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | SecurityFocusBID:33560 http://download.novell.com/Download?buildid=GjZRRdqCFW0 http://www.novell.com/support/viewContent.do?externalId=7002502 http://www.securityfocus.com/archive/1/500609/100/0/threaded |
|
| Solutions |
|---|
| Refer to the announcement or patch by the vendor: http://www.novell.com/support/viewContent.do |