Vulnerability Name:

CVE-2006-0992 (CCN-25828)

Assigned:2006-04-13
Published:2006-04-13
Updated:2018-10-18
Summary:Stack-based buffer overflow in Novell GroupWise Messenger before 2.0 Public Beta 2 allows remote attackers to execute arbitrary code via a long Accept-Language value without a comma or semicolon.
Note: due to a typo, the original ZDI advisory accidentally referenced CVE-2006-0092. This is the correct identifier.
Upgrade to GroupWise Messenger, 2.0 Public Beta 2 to fix this issue.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: Full-Disclosure Mailing List, Thu Apr 13 2006 - 11:11:40 CDT
ZDI-06-008: Novell GroupWise Messenger Accept-Language Buffer Overflow

Source: MISC
Type: UNKNOWN
http://cirt.dk/advisories/cirt-42-advisory.txt

Source: MITRE
Type: CNA
CVE-2006-0992

Source: MISC
Type: UNKNOWN
http://metasploit.blogspot.com/2006/04/exploit-development-groupwise_14.html

Source: CCN
Type: SA19663
Novell GroupWise Messenger Accept-Language Buffer Overflow

Source: SECUNIA
Type: UNKNOWN
19663

Source: CCN
Type: SECTRACK ID: 1015911
Novell GroupWise Messenger Buffer Overflow in Accept-Language Header Lets Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1015911

Source: CCN
Type: Novell Technical Information Document TID10100861
GroupWise Messenger 2.0 Accept Language Buffer Overflow

Source: CONFIRM
Type: Patch
http://support.novell.com/cgi-bin/search/searchtid.cgi?10100861.htm

Source: OSVDB
Type: UNKNOWN
24617

Source: CCN
Type: OSVDB ID: 24617
Novell GroupWise Messenging Agent Accept-Language Header Remote Overflow

Source: BUGTRAQ
Type: UNKNOWN
20060413 ZDI-06-008: Novell GroupWise Messenger Accept-Language Buffer Overflow

Source: BID
Type: Patch
17503

Source: CCN
Type: BID-17503
Novell GroupWise Messenger Accept Language Remote Buffer Overflow Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2006-1355

Source: MISC
Type: Patch, Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-06-008.html

Source: XF
Type: UNKNOWN
groupwise-accept-language-bo(25828)

Source: XF
Type: UNKNOWN
groupwise-accept-language-bo(25828)

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Exploit Database [2006-04-15]

Source: EXPLOIT-DB
Type: UNKNOWN
1679

Source: CCN
Type: ZDI-06-008
Novell GroupWise Messenger Accept-Language Buffer Overflow

Vulnerable Configuration:Configuration 1:
  • cpe:/a:novell:groupwise_messenger:2.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:novell:groupwise_messenger:2.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    novell groupwise messenger 2.0
    novell groupwise messenger 2.0