Novell GroupWise客户端本地整数溢出漏洞

Novell GroupWise客户端本地整数溢出漏洞

漏洞ID 1109099 漏洞类型 缓冲区溢出
发布时间 2005-09-27 更新时间 2005-10-20
图片[1]-Novell GroupWise客户端本地整数溢出漏洞-安全小百科CVE编号 CVE-2005-2804
图片[2]-Novell GroupWise客户端本地整数溢出漏洞-安全小百科CNNVD-ID CNNVD-200510-004
漏洞平台 Windows CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/26301
https://cxsecurity.com/issue/WLB-2005090024
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200510-004
|漏洞详情
NovellGroupWise是美国Novell公司的一套协作通讯系统。该系统提供了电子邮件、日程安排、即时通讯、任务管理、文档管理以及联系人管理等协作通讯服务。GroupWise注册表解析代码中存在整数溢出漏洞,攻击者可以通过修改某些键值创建整数溢出,导致崩溃或执行任意代码。起因是应用程序没能安全的解析windows注册表中保存的最后认证的端口数。
|漏洞EXP
source: http://www.securityfocus.com/bid/14952/info

Novell GroupWise Client is prone to a local integer overflow vulnerability.

The attacker may leverage this issue to corrupt process memory, which may lead to a crash or arbitrary code execution. A complete compromise of the affected system may be possible.

GroupWise 6.5.3 is reported to be vulnerable. It is possible that other versions are affected as well. 

The following value is sufficient to trigger this issue:
11111111111111111111111111111111
|参考资料

来源:XF
名称:novell-groupwise-port-number-overflow(22419)
链接:http://xforce.iss.net/xforce/xfdb/22419
来源:BID
名称:14952
链接:http://www.securityfocus.com/bid/14952
来源:support.novell.com
链接:http://support.novell.com/techcenter/search/search.do?cmd=displayKC&docType;=%20c&externalId;=10098814html&sliceId;=&dialogID;=717171
来源:BUGTRAQ
名称:20050927[ISR]-NovellGroupWiseClientIntegerOverflow
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=112784386426802&w;=2
来源:FULLDISC
名称:20050927[ISR]-NovellGroupWiseClientIntegerOverflow
链接:http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037442.html
来源:OSVDB
名称:19862
链接:http://www.osvdb.org/19862
来源:MISC
名称:http://www.infobyte.com.ar/adv/ISR-13.html
链接:http://www.infobyte.com.ar/adv/ISR-13.html
来源:support.novell.com
链接:http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098814.htm
来源:SECTRACK
名称:1014977
链接:http://securitytracker.com/id?1014977
来源:SREASON
名称:28
链接:http://securityreason.com/securityalert/28
来源:FULLDISC
名称:20050927Re:[ISR]-NovellGroup

相关推荐: Allaire ColdFusion Security Sandbox CFEXECUTE Privilege Escalation Vulnerability

Allaire ColdFusion Security Sandbox CFEXECUTE Privilege Escalation Vulnerability 漏洞ID 1102704 漏洞类型 Design Error 发布时间 2001-11-27 更新…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享