what you don't know can hurt you
Showing 1 - 1 of 1 RSS Feed

Files

Zero Day Initiative Advisory 10-247
Posted Nov 10, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-247 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise. Authentication is not required to exploit this vulnerability. The specific flaw exists in a function responsible for assembling an HTTP response. The following modules implement this functionality: gwpoa.exe, gwmta.exe, gwia.exe. When responding to an HTTP request sent to TCP port 7101 or 7100 or in the case of gwia.exe the user configured "Message Transfer Port", the process uses the client-specified "Host: " header to create an HTTP 301 redirection message. Within this code a local stack buffer is used to store the redirect location and can be overflown with a sufficiently long header value. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

tags | advisory, remote, web, overflow, arbitrary, local, tcp
MD5 | 0da81411f23f599ab6dc5cc879962c3a
Page 1 of 1
Back1Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Personal Data From Entire 16.6M Population Of Ecuador Leaked Online
Posted Sep 16, 2019

tags | headline, privacy, data loss
Uber Confirms Account Takeover Vulnerability
Posted Sep 16, 2019

tags | headline, hacker, privacy, flaw
iPhone iOS 13 Lockscreen Bypass Flaw Exposes Contacts
Posted Sep 16, 2019

tags | headline, phone, data loss, flaw, apple
198M Records Of Prospective Auto Buyers Leaked
Posted Sep 16, 2019

tags | headline, privacy, database, data loss
LastPass Bug Leaks Credentials From Previous Site
Posted Sep 16, 2019

tags | headline, data loss, flaw, password
Instagram Fixed Flaw That Links Account Info To PII
Posted Sep 13, 2019

tags | headline, hacker, privacy, data loss, flaw, facebook
France To Block Facebook's Libra Cryptocurrency In Europe
Posted Sep 13, 2019

tags | headline, government, bank, fraud, france, facebook, social, cryptography
InnfiRAT Malware Lurks To Steal Cryptocurrency Wallet Data
Posted Sep 13, 2019

tags | headline, malware, cybercrime, fraud, cryptography
Infosec Duo Cuffed After Physically Breaking Into Courthouse During IT Security Assessment
Posted Sep 13, 2019

tags | headline, hacker, government
New Simjacker Attack Exploited In The Wild To Track Users For At Least Two Years
Posted Sep 12, 2019

tags | headline, hacker, privacy, phone
View More News →
packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close