Novell GroupWise WebAccess base64_decode buffer overflow

Added: 04/25/2007
CVE: CVE-2007-2171
BID: 23556
OSVDB: 35018

Background

Novell GroupWise includes a WebAccess service which allows users to access their e-mail using a web browser.

Problem

A buffer overflow in the base64_decode function allows remote attackers to execute arbitrary commands by sending a specially crafted HTTP Basic Authentication request.

Resolution

Upgrade to Groupwise 7.0 SP2 for Windows or Linux.

References

http://www.zerodayinitiative.com/advisories/ZDI-07-015.html

Limitations

Exploit works on Novell GroupWise 7.0.

Platforms

Windows

Back to exploit index