Novell Groupwise WebAccess GWINTER.EXE Base64 Decoding Remote Overflow

Critical Nessus Plugin ID 25084

Synopsis

It is possible to execute code on the remote host.

Description

The remote host is running a version of GroupWise WebAccess from Novell that is vulnerable to a stack overflow in the way it handles HTTP Basic Authentication.

By sending a specially crafted request, an attacker can exploit this flaw to execute code on the remote host with administrative privileges.

Solution

Upgrade to GroupWise 7.0 SP2 or later.

See Also

https://www.tenable.com/security/research/tra-2007-01

https://www.zerodayinitiative.com/advisories/ZDI-07-015/

Plugin Details

Severity: Critical

ID: 25084

File Name: groupwise_webaccess_overflow.nasl

Version: 1.17

Type: remote

Published: 2007/04/23

Updated: 2018/11/15

Dependencies: 10107

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:novell:groupwise_webaccess

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2007/04/16

Vulnerability Publication Date: 2007/04/18

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2007-2171

BID: 23556