CVE-2010-4714

Sažetak

Multiple stack-based buffer overflows in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) gwpoa.exe in the Post Office Agent, (2) gwmta.exe in the Message Transfer Agent, (3) gwia.exe in the Internet Agent, (4) the WebAccess Agent, or (5) the Monitor Agent.

Reference

http://www.facebook.com/note.php?note_id=477865030928
http://www.novell.com/support/viewContent.do?externalId=7007159&sliceId=1
http://zerodayinitiative.com/advisories/ZDI-10-247/
https://bugzilla.novell.com/show_bug.cgi?id=627942

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

26-04-2011 - 04:00

Objavljeno

31-01-2011 - 20:00