CVE-2007-2171

Novell Groupwise WebAccess Base64 Decoding Stack Overflow Vulnerability

Severity Score

10.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Stack-based buffer overflow in the base64_decode function in GWINTER.exe in Novell GroupWise (GW) WebAccess before 7.0 SP2 allows remote attackers to execute arbitrary code via long base64 content in an HTTP Basic Authentication request.

Desbordamiento de búfer basado en pila en la función base64_decode en GWINTER.exe en Novell GroupWise (GW) WebAccess anterior a 7.0 SP2 permite a atacantes remotos ejecutar código de su elección a través de un contenido grande en base64 en una respuesta HTTP Basic Authentication.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise WebAccess. Authentication is not required to exploit this vulnerability.
The specific flaw exists in the GWINTER.exe process bound by default on TCP ports 7205 and 7211. During the handling of an HTTP Basic authentication request, the process copies user-supplied base64 data into a fixed length stack buffer. Sending at least 336 bytes will trigger a stack based buffer overflow due to a vulnerable base64_decode() call. Exploitation of this issue can result in arbitrary code execution.

*Credits: Tenable Network Security

CVSS Scores

NISTv2 10.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-04-18 CVE Published
2007-04-22 CVE Reserved
2024-06-19 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (9)

URL	Tag	Source
http://securityreason.com/securityalert/2610	Third Party Advisory
http://www.securityfocus.com/archive/1/466212/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/23556	Vdb Entry
http://www.securitytracker.com/id?1017932	Vdb Entry
http://www.vupen.com/english/advisories/2007/1455	Vdb Entry
http://www.zerodayinitiative.com/advisories/ZDI-07-015.html	X_refsource_misc

URL	Date	SRC

URL	Date	SRC
http://download.novell.com/Download?buildid=8RF83go0nZg~	2018-10-16
http://download.novell.com/Download?buildid=O9ucpbS1bK0~	2018-10-16

URL	Date	SRC
http://secunia.com/advisories/24944	2018-10-16

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Novell Search vendor "Novell"		Groupwise Search vendor "Novell" for product "Groupwise"				7.0 Search vendor "Novell" for product "Groupwise" and version "7.0"		-		Affected
Novell Search vendor "Novell"		Groupwise Search vendor "Novell" for product "Groupwise"				7.0 Search vendor "Novell" for product "Groupwise" and version "7.0"		sp1		Affected