Detections
Analytics

Novell GroupWise Messenger Accept Language Remote Overflow

critical Nessus Plugin ID 21243

Language:

Synopsis

It is possible to execute code on the remote web server.

Description

The remote host is running Novell Messenger Messaging Agent, an enterprise instant messaging server for Windows, Linux, and Netware.

This version of this service is running an HTTP server which is vulnerable to a stack overflow.

An attacker can exploit this vulnerability to execute code on the remote host.

Solution

Upgrade to Groupwise Messenger 2.0.1 beta3 or later.

See Also

https://www.zerodayinitiative.com/advisories/ZDI-06-008/

Plugin Details

Severity: Critical

ID: 21243

File Name: nmma_overflow.nasl

Version: 1.18

Type: remote

Published: 4/19/2006

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/13/2006

Vulnerability Publication Date: 4/13/2006

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Novell Messenger Server 2.0 Accept-Language Overflow)

Reference Information

CVE: CVE-2006-0992

BID: 17503