CVE-2010-4326
Novell GroupWise Internet Agent REQUEST-STATUS Parsing Remote Code Execution Vulnerability
Severity Score
10.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Multiple buffer overflows in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via variables in a VCALENDAR message, as demonstrated by a long (1) REQUEST-STATUS, (2) TZNAME, (3) COMMENT, or (4) RRULE variable in this message.
Múltiples desbordamientos de búfer en gwwww1.dll en GroupWise Internet Agent de (GWIA) en Novell GroupWise anteriores a v8.02HP permite a atacantes remotos ejecutar código arbitrario a través de las variables en un mensaje VCALENDAR, como lo demuestra con variables largas (1) REQUEST-STATUS, (2) TZNAME, (3) COMMENT, o (4) RRULE en este mensaje.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the gwwww1.dll module responsible for parsing VCALENDAR data within e-mail messages. When the code encounters a REQUEST-STATUS variable it allocates up to 0xFFFF bytes for the variable's value. It then proceeds to copy the value into the fixed-length buffer without checking if it will fit. By specifying a large enough string in the e-mail, an attacker can overflow the buffer and execute arbitrary code under the context of the SYSTEM user.
*Credits:
Anonymous
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2010-11-29 CVE Reserved
- 2011-01-25 CVE Published
- 2024-02-14 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (13)
| URL | Tag | Source |
|---|---|---|
| http://www.facebook.com/note.php?note_id=477865030928 | X_refsource_confirm | |
| http://www.securityfocus.com/bid/45994 | Vdb Entry | |
| http://www.zerodayinitiative.com/advisories/ZDI-11-025 | X_refsource_misc |
|
| http://zerodayinitiative.com/advisories/ZDI-10-239 | X_refsource_misc | |
| http://zerodayinitiative.com/advisories/ZDI-10-240 | X_refsource_misc | |
| http://zerodayinitiative.com/advisories/ZDI-10-243 | X_refsource_misc | |
| https://bugzilla.novell.com/show_bug.cgi?id=642339 | X_refsource_confirm | |
| https://bugzilla.novell.com/show_bug.cgi?id=642340 | X_refsource_confirm | |
| https://bugzilla.novell.com/show_bug.cgi?id=642345 | X_refsource_confirm | |
| https://bugzilla.novell.com/show_bug.cgi?id=642349 | X_refsource_confirm | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/64929 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.novell.com/support/viewContent.do?externalId=7007155&sliceId=1 | 2017-08-17 | |
| http://www.vupen.com/english/advisories/2011/0219 | 2017-08-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | <= 8.0.2 Search vendor "Novell" for product "Groupwise" and version " <= 8.0.2" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 4.1 Search vendor "Novell" for product "Groupwise" and version "4.1" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 4.1a Search vendor "Novell" for product "Groupwise" and version "4.1a" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 5.0 Search vendor "Novell" for product "Groupwise" and version "5.0" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 5.1 Search vendor "Novell" for product "Groupwise" and version "5.1" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 5.2 Search vendor "Novell" for product "Groupwise" and version "5.2" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 5.5 Search vendor "Novell" for product "Groupwise" and version "5.5" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 5.5 Search vendor "Novell" for product "Groupwise" and version "5.5" | enhancement_pack |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 5.57e Search vendor "Novell" for product "Groupwise" and version "5.57e" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 6.0 Search vendor "Novell" for product "Groupwise" and version "6.0" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 6.0 Search vendor "Novell" for product "Groupwise" and version "6.0" | sp1 |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 6.0 Search vendor "Novell" for product "Groupwise" and version "6.0" | sp5 |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 6.0.1 Search vendor "Novell" for product "Groupwise" and version "6.0.1" | sp1 |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 6.5 Search vendor "Novell" for product "Groupwise" and version "6.5" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 6.5 Search vendor "Novell" for product "Groupwise" and version "6.5" | sp1 |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 6.5 Search vendor "Novell" for product "Groupwise" and version "6.5" | sp2 |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 6.5 Search vendor "Novell" for product "Groupwise" and version "6.5" | sp3 |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 6.5 Search vendor "Novell" for product "Groupwise" and version "6.5" | sp4 |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 6.5 Search vendor "Novell" for product "Groupwise" and version "6.5" | sp5 |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 6.5 Search vendor "Novell" for product "Groupwise" and version "6.5" | sp6 |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 6.5.2 Search vendor "Novell" for product "Groupwise" and version "6.5.2" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 6.5.3 Search vendor "Novell" for product "Groupwise" and version "6.5.3" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 6.5.4 Search vendor "Novell" for product "Groupwise" and version "6.5.4" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 6.5.6 Search vendor "Novell" for product "Groupwise" and version "6.5.6" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 6.5.7 Search vendor "Novell" for product "Groupwise" and version "6.5.7" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 7.0 Search vendor "Novell" for product "Groupwise" and version "7.0" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 7.0.1 Search vendor "Novell" for product "Groupwise" and version "7.0.1" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 7.0.2 Search vendor "Novell" for product "Groupwise" and version "7.0.2" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 7.0.3 Search vendor "Novell" for product "Groupwise" and version "7.0.3" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 7.0.4 Search vendor "Novell" for product "Groupwise" and version "7.0.4" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 8.0 Search vendor "Novell" for product "Groupwise" and version "8.0" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 8.0.1 Search vendor "Novell" for product "Groupwise" and version "8.0.1" | - |
Affected
| ||||||