Novell GroupWise Internet Agent < 7.03 HP3 / 8.0 HP2 Multiple Buffer Overflows

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The SMTP server running on the remote Windows host has multiple
buffer overflow vulnerabilities.

Description :

A vulnerable version of GroupWise Internet Agent is running on the
remote host. The software contains unspecified buffer overflow
vulnerabilities that are triggered when processing email addresses
and other specially crafted SMTP requests.

This could allow a remote attacker to crash the service or execute
arbitrary code as SYSTEM.

See also :

http://www.novell.com/support/viewContent.do?externalId=7003272&sliceId=1
http://www.novell.com/support/viewContent.do?externalId=7003273&sliceId=1

Solution :

Upgrade to Novell GroupWise version 7.03 HP3 / 8.0 HP2 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 38972 (groupwise_ia_multiple_overflows.nasl)

Bugtraq ID: 35064
35065

CVE ID: CVE-2009-1636

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now