Advisory Details

July 16th, 2010

Novell Netware Groupwise Internet Gateway Remote Code Execution Vulnerability

ZDI-10-129
ZDI-CAN-673

CVE ID CVE-2010-2777
CVSS SCORE 9, (AV:N/AC:L/Au:S/C:C/I:C/A:C)
AFFECTED VENDORS Novell
AFFECTED PRODUCTS Netware
TREND MICRO CUSTOMER PROTECTION Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 3509. For further product information on the TippingPoint IPS: http://www.tippingpoint.com
VULNERABILITY DETAILS

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise Internet Agent. Authentication is required to exploit this vulnerability.

The flaw exists within the IMAP functionality included with GWIA. When provided with an overly long mailbox name to the CREATE verb, the IMAP server can be forced to overflow a buffer on the stack. Successful exploitation leads to remote code execution under the context of the server.

ADDITIONAL DETAILS Novell has issued an update to correct this vulnerability. More details can be found at:
http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7006374&sliceId=2&docTypeID=DT_TID_1_1&dialogID=155271264&stateId=0%200%20155267598
DISCLOSURE TIMELINE
  • 2010-04-06 - Vulnerability reported to vendor
  • 2010-07-16 - Coordinated public release of advisory
CREDIT {PRL} Francis Provencher
BACK TO ADVISORIES