CVE-2009-1636

critical

Description

Multiple buffer overflows in the Internet Agent (aka GWIA) component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to execute arbitrary code via (1) a crafted e-mail address in an SMTP session or (2) an SMTP command.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/50693

https://exchange.xforce.ibmcloud.com/vulnerabilities/50692

https://bugzilla.novell.com/show_bug.cgi?id=482914

https://bugzilla.novell.com/show_bug.cgi?id=478892

http://www.vupen.com/exploits/Novell_GroupWise_GWIA_SMTP_Command_Remote_Buffer_Overflow_PoC_Exploit_1393140.php

http://www.vupen.com/exploits/Novell_GroupWise_GWIA_Email_Address_Remote_Buffer_Overflow_Exploit_1393141.php

http://www.vupen.com/english/advisories/2009/1393

http://www.securitytracker.com/id?1022276

http://www.securityfocus.com/bid/35065

http://www.securityfocus.com/bid/35064

http://www.securityfocus.com/archive/1/503724/100/0/threaded

http://www.novell.com/support/viewContent.do?externalId=7003273&sliceId=1

http://www.novell.com/support/viewContent.do?externalId=7003272&sliceId=1

http://secunia.com/advisories/35177

http://osvdb.org/54645

http://osvdb.org/54644

Details

Source: Mitre, NVD

Published: 2009-05-26

Updated: 2025-04-09

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.68138