CVE-2007-2171 - Stack-based buffer overflow in the base64_decode function in GWINTER.exe in Novell GroupWise (GW) We

CVE-2007-2171

Summary

Stack-based buffer overflow in the base64_decode function in GWINTER.exe in Novell GroupWise (GW) WebAccess before 7.0 SP2 allows remote attackers to execute arbitrary code via long base64 content in an HTTP Basic Authentication request.

References

Vulnerable Configurations

cpe:2.3:a:novell:groupwise:7.0:*:*:*:*:*:*:*
cpe:2.3:a:novell:groupwise:7.0:*:*:*:*:*:*:*
cpe:2.3:a:novell:groupwise:7.0:sp1:*:*:*:*:*:*
cpe:2.3:a:novell:groupwise:7.0:sp1:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 16-10-2018 - 16:42)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	23556
bugtraq	20070418 ZDI-07-015: Novell Groupwise WebAccess Base64 Decoding Stack Overflow Vulnerability
confirm	http://download.novell.com/Download?buildid=8RF83go0nZg~ http://download.novell.com/Download?buildid=O9ucpbS1bK0~
misc	http://www.zerodayinitiative.com/advisories/ZDI-07-015.html
sectrack	1017932
secunia	24944
sreason	2610
vupen	ADV-2007-1455

saint via4

bid	23556
description	Novell GroupWise WebAccess base64_decode buffer overflow
id	mail_web_groupwisever,mail_web_groupwiseauthbo
osvdb	35018
title	groupwise_webaccess_base64_decode
type	remote

Last major update

16-10-2018 - 16:42

Published

24-04-2007 - 20:19

Last modified

16-10-2018 - 16:42