CVE-2006-4511 - Messenger Agents (nmma.exe) in Novell GroupWise 2.0.2 and 1.0.6 allows remote attackers to cause a d

CVE-2006-4511

Summary

Messenger Agents (nmma.exe) in Novell GroupWise 2.0.2 and 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted HTTP POST request to TCP port 8300 with a modified val parameter, which triggers a null dereference related to "zero-size strings in blowfish routines."

References

Vulnerable Configurations

cpe:2.3:a:novell:groupwise_messenger:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:novell:groupwise_messenger:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:novell:groupwise_messenger:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:novell:groupwise_messenger:2.0.2:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 20-07-2017 - 01:33)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

bid	20316
cert-vn	VU#796956
confirm	http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974452.htm
idefense	20061002 Novell GroupWise Messenger nmma.exe DoS Vulnerability
sectrack	1016974
secunia	22244
vupen	ADV-2006-3893
xf	groupwisemessenger-nmma-dos(29319)

Last major update

20-07-2017 - 01:33

Published

05-10-2006 - 04:04

Last modified

20-07-2017 - 01:33