// For flags

CVE-2007-2171

Novell Groupwise WebAccess Base64 Decoding Stack Overflow Vulnerability

Severity Score

10.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Stack-based buffer overflow in the base64_decode function in GWINTER.exe in Novell GroupWise (GW) WebAccess before 7.0 SP2 allows remote attackers to execute arbitrary code via long base64 content in an HTTP Basic Authentication request.

Desbordamiento de búfer basado en pila en la función base64_decode en GWINTER.exe en Novell GroupWise (GW) WebAccess anterior a 7.0 SP2 permite a atacantes remotos ejecutar código de su elección a través de un contenido grande en base64 en una respuesta HTTP Basic Authentication.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise WebAccess. Authentication is not required to exploit this vulnerability.
The specific flaw exists in the GWINTER.exe process bound by default on TCP ports 7205 and 7211. During the handling of an HTTP Basic authentication request, the process copies user-supplied base64 data into a fixed length stack buffer. Sending at least 336 bytes will trigger a stack based buffer overflow due to a vulnerable base64_decode() call. Exploitation of this issue can result in arbitrary code execution.

*Credits: Tenable Network Security
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-04-18 CVE Published
  • 2007-04-22 CVE Reserved
  • 2024-06-19 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Novell
Search vendor "Novell"
Groupwise
Search vendor "Novell" for product "Groupwise"
7.0
Search vendor "Novell" for product "Groupwise" and version "7.0"
-
Affected
Novell
Search vendor "Novell"
Groupwise
Search vendor "Novell" for product "Groupwise"
7.0
Search vendor "Novell" for product "Groupwise" and version "7.0"
sp1
Affected