Vulnerabilities > CVE-2007-2171 - Unspecified vulnerability in Novell Groupwise 7.0

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
novell
nessus
NVD
Published: 2007-04-24
Updated: 2024-11-21

Summary

Stack-based buffer overflow in the base64_decode function in GWINTER.exe in Novell GroupWise (GW) WebAccess before 7.0 SP2 allows remote attackers to execute arbitrary code via long base64 content in an HTTP Basic Authentication request.

Vulnerable Configurations

Part Description Count
Application
Novell
2

Nessus

NASL familyGain a shell remotely
NASL idGROUPWISE_WEBACCESS_OVERFLOW.NASL
descriptionThe remote host is running a version of GroupWise WebAccess from Novell that is vulnerable to a stack overflow in the way it handles HTTP Basic Authentication. By sending a specially crafted request, an attacker can exploit this flaw to execute code on the remote host with administrative privileges.
last seen2020-06-01
modified2020-06-02
plugin id25084
published2007-04-23
reporterThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/25084
titleNovell Groupwise WebAccess GWINTER.EXE Base64 Decoding Remote Overflow

Saint

bid23556
descriptionNovell GroupWise WebAccess base64_decode buffer overflow
idmail_web_groupwisever,mail_web_groupwiseauthbo
osvdb35018
titlegroupwise_webaccess_base64_decode
typeremote

References