Vulnerability Name:

CVE-2009-1636 (CCN-50693)

Assigned:2009-05-14
Published:2009-05-14
Updated:2018-10-10
Summary:Multiple buffer overflows in the Internet Agent (aka GWIA) component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to execute arbitrary code via (1) a crafted e-mail address in an SMTP session or (2) an SMTP command.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-119
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2009-1636

Source: OSVDB
Type: UNKNOWN
54644

Source: OSVDB
Type: UNKNOWN
54645

Source: CCN
Type: SA35177
Novell GroupWise Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
35177

Source: CCN
Type: SECTRACK ID: 1022276
GroupWise Internet Agent Buffer Overflows in SMTP Service Let Remote Users Execute Arbitrary Code

Source: CONFIRM
Type: UNKNOWN
http://www.novell.com/support/viewContent.do?externalId=7003272&sliceId=1

Source: CCN
Type: Novell Document ID: 7003273
Novell GroupWise Internet Agent (GWIA) - Security Vulnerability in Email Address Processing

Source: CONFIRM
Type: Vendor Advisory
http://www.novell.com/support/viewContent.do?externalId=7003273&sliceId=1

Source: CCN
Type: OSVDB ID: 54644
Novell GroupWise Internet Agent (GWIA) SMTP Request Handling Remote Overflow

Source: CCN
Type: OSVDB ID: 54645
Novell GroupWise Internet Agent (GWIA) SMTP Email Address Processing Remote Overflow

Source: BUGTRAQ
Type: UNKNOWN
20090522 Novell GroupWise Internet Agent Remote Buffer Overflow Vulnerabilities

Source: BID
Type: UNKNOWN
35064

Source: CCN
Type: BID-35064
Novell GroupWise Internet Agent Email Address Processing Buffer Overflow Vulnerability

Source: BID
Type: UNKNOWN
35065

Source: CCN
Type: BID-35065
Novell GroupWise Internet Agent SMTP Request Processing Buffer Overflow Vulnerability

Source: SECTRACK
Type: UNKNOWN
1022276

Source: VUPEN
Type: Vendor Advisory
ADV-2009-1393

Source: MISC
Type: Vendor Advisory
http://www.vupen.com/exploits/Novell_GroupWise_GWIA_Email_Address_Remote_Buffer_Overflow_Exploit_1393141.php

Source: MISC
Type: Vendor Advisory
http://www.vupen.com/exploits/Novell_GroupWise_GWIA_SMTP_Command_Remote_Buffer_Overflow_PoC_Exploit_1393140.php

Source: MISC
Type: UNKNOWN
https://bugzilla.novell.com/show_bug.cgi?id=478892

Source: MISC
Type: UNKNOWN
https://bugzilla.novell.com/show_bug.cgi?id=482914

Source: XF
Type: UNKNOWN
gia-smtp-code-execution(50692)

Source: XF
Type: UNKNOWN
gia-email-code-execution(50693)

Source: XF
Type: UNKNOWN
gia-email-code-execution(50693)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:novell:groupwise:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:novell:groupwise:7.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:novell:groupwise:7.0:sp2:*:*:*:*:*:*
  • OR cpe:/a:novell:groupwise:7.0:sp3:*:*:*:*:*:*
  • OR cpe:/a:novell:groupwise:7.0.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:novell:groupwise:7.0.0:sp2:*:*:*:*:*:*
  • OR cpe:/a:novell:groupwise:7.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:novell:groupwise:7.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:novell:groupwise:7.01:*:*:*:*:*:*:*
  • OR cpe:/a:novell:groupwise:7.03:hp1a:*:*:*:*:*:*
  • OR cpe:/a:novell:groupwise:7.03:hp2:*:*:*:*:*:*
  • OR cpe:/a:novell:groupwise:8.0:hp1:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:novell:groupwise:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:novell:groupwise:7.02:*:*:*:*:*:*:*
  • OR cpe:/a:novell:groupwise:7.01:*:*:*:*:*:*:*
  • OR cpe:/a:novell:groupwise:7.0:sp3:*:*:*:*:*:*
  • OR cpe:/a:novell:groupwise:7.0:sp2:*:*:*:*:*:*
  • OR cpe:/a:novell:groupwise:7.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:novell:groupwise:7.03:*:*:*:*:*:*:*
  • OR cpe:/a:novell:groupwise:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:novell:groupwise:7.03:hp1a:*:*:*:*:*:*
  • OR cpe:/a:novell:groupwise:8.0:hp1:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    novell groupwise 7.0
    novell groupwise 7.0 sp1
    novell groupwise 7.0 sp2
    novell groupwise 7.0 sp3
    novell groupwise 7.0.0 sp1
    novell groupwise 7.0.0 sp2
    novell groupwise 7.0.2
    novell groupwise 7.0.3
    novell groupwise 7.01
    novell groupwise 7.03 hp1a
    novell groupwise 7.03 hp2
    novell groupwise 8.0 hp1
    novell groupwise 7.0
    novell groupwise 7.02
    novell groupwise 7.01
    novell groupwise 7.0 sp3
    novell groupwise 7.0 sp2
    novell groupwise 7.0 sp1
    novell groupwise 7.03
    novell groupwise 8.0
    novell groupwise 7.03 hp1a
    novell groupwise 8.0 hp1