Novell Groupwise WebAccess GWINTER.EXE Base64 Decoding Remote Overflow

critical Nessus Plugin ID 25084

Synopsis

It is possible to execute code on the remote host.

Description

The remote host is running a version of GroupWise WebAccess from Novell that is vulnerable to a stack overflow in the way it handles HTTP Basic Authentication.

By sending a specially crafted request, an attacker can exploit this flaw to execute code on the remote host with administrative privileges.

Solution

Upgrade to GroupWise 7.0 SP2 or later.

See Also

https://www.tenable.com/security/research/tra-2007-01

https://www.zerodayinitiative.com/advisories/ZDI-07-015/

Plugin Details

Severity: Critical

ID: 25084

File Name: groupwise_webaccess_overflow.nasl

Version: 1.17

Type: remote

Published: 4/23/2007

Updated: 11/15/2018

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:novell:groupwise_webaccess

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/16/2007

Vulnerability Publication Date: 4/18/2007

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2007-2171

BID: 23556