CVE-2006-4511 — Groupwise Messenger vulnerability

3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

7.2%

top 8.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Novell Groupwise Messenger

Timeline

PublishedOct 5

Latest updateMay 1

Description

Messenger Agents (nmma.exe) in Novell GroupWise 2.0.2 and 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted HTTP POST request to TCP port 8300 with a modified val parameter, which triggers a null dereference related to "zero-size strings in blowfish routines."

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDnovell/groupwise_messenger1.0.6, 2.0.2+1

Patches

Patch: secunia.com ↗Patch: support.novell.com ↗Patch: www.idefense.com ↗

🔴Vulnerability Details

GHSA

GHSA-29fr-v779-2x3c: Messenger Agents (nmma↗2022-05-01

▶

CVEList

CVE-2006-4511: Messenger Agents (nmma↗2006-10-04

▶