10 - CVE-2009-0410

Executive Summary

Informations
Name	CVE-2009-0410	First vendor Publication	2009-02-03
Vendor	Cve	Last vendor Modification	2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Off-by-one error in the SMTP daemon in GroupWise Internet Agent (GWIA) in Novell GroupWise 6.5x, 7.0, 7.01, 7.02, 7.03, 7.03HP1a, and 8.0 allows remote attackers to execute arbitrary code via a long e-mail address in a malformed RCPT command, leading to a buffer overflow.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0410

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

Type	Description	Count
Application	Novell Groupwise cpe:2.3:a:novell:groupwise:8.0:::::::* cpe:2.3:a:novell:groupwise:7.03:hp1a:::::: cpe:2.3:a:novell:groupwise:7.03:::::::* cpe:2.3:a:novell:groupwise:7.02x:::::::* cpe:2.3:a:novell:groupwise:7.01:::::::* cpe:2.3:a:novell:groupwise:7.0:::::::* cpe:2.3:a:novell:groupwise:6.5:::::::*	7

ExploitDB Exploits

id	Description
2009-02-04	Novell GroupWise <= 8.0 Malformed RCPT command Off-by-one Exploit

Open Source Vulnerability Database (OSVDB)

Id	Description
53980	Novell GroupWise Internet Agent (GWIA) SMTP Daemon RCPT Command Remote Overflow

Snort® IPS/IDS

Date	Description
2014-01-10	RCPT TO overflow RuleID : 654-community - Revision : 28 - Type : SERVER-MAIL
2014-01-10	RCPT TO overflow RuleID : 654 - Revision : 28 - Type : SERVER-MAIL
2014-01-10	RCPT TO overflow RuleID : 18574 - Revision : 6 - Type : SERVER-MAIL
2014-01-10	Novell Groupwise Internet Agent RCPT command overflow attempt RuleID : 16515 - Revision : 9 - Type : SERVER-MAIL

Sources (Detail)

http://download.novell.com/Download?buildid=GjZRRdqCFW0
http://secunia.com/advisories/33744
http://www.novell.com/support/viewContent.do?externalId=7002502
http://www.securityfocus.com/archive/1/500609/100/0/threaded
http://www.securityfocus.com/bid/33560
http://www.zerodayinitiative.com/advisories/ZDI-09-010/

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-11-28 23:12:20	Multiple Updates
2024-11-28 12:18:13	Multiple Updates
2021-05-04 12:09:06	Multiple Updates
2021-04-22 01:09:26	Multiple Updates
2020-05-23 00:23:18	Multiple Updates
2018-10-12 00:20:36	Multiple Updates
2016-04-26 18:36:33	Multiple Updates
2014-01-19 21:25:40	Multiple Updates
2013-05-10 23:43:30	Multiple Updates

Type	Count
CWE ID(s)	1
CPE ID(s)	7
Sources(s)	6
osvdb(s)	1
ExploitDB Exploit(s)	1
Snort® Rule(s)	4

10 - CVE-2009-0410

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

ExploitDB Exploits

Open Source Vulnerability Database (OSVDB)

Snort® IPS/IDS

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU