Novell GroupWise Internet Agent Integer Overflow Vulnerability
Last Update Date:
17 Sep 2012 10:06
Release Date:
17 Sep 2012
4820
Views
RISK: Medium Risk
TYPE: Servers - Other Servers
A vulnerability has been identified in Novell GroupWise Internet Agent. A remote user can execute arbitrary code on the target system.
A remote user can send a specially crafted request with the HTTP 'Content-Length' header value of '-1' to the administration interface via TCP port 9850 to trigger an integer overflow and execute arbitrary code on the target system. The code will run with the privileges of the target service.
Note: Vendor patch is not available.
Impact
- Remote Code Execution
System / Technologies affected
- 8.0.2 HP3 and earlier versions
Solutions
- Note: Vendor patch is not available.
Vulnerability Identifier
Source
Related Link
Share with