CVE-2012-0271

Sažetak

Integer overflow in the WebConsole component in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before 8.0.3 HP1 and 2012 before SP1 might allow remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow, as demonstrated by a request with -1 in the Content-Length HTTP header.

Reference

http://osvdb.org/85426
http://www.novell.com/support/kb/doc.php?id=7010769
http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=61&Itemid=61
https://bugzilla.novell.com/show_bug.cgi?id=746199

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

02-04-2013 - 03:14

Objavljeno

19-09-2012 - 10:57