Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-0410Improper Restriction of Operations within the Bounds of a Memory Buffer in Groupwise

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
10.0CRITICALNVD
EPSS
19.4%
top 4.61%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Novell Groupwise
Timeline
PublishedFeb 3
Latest updateMay 2

Description

Off-by-one error in the SMTP daemon in GroupWise Internet Agent (GWIA) in Novell GroupWise 6.5x, 7.0, 7.01, 7.02, 7.03, 7.03HP1a, and 8.0 allows remote attackers to execute arbitrary code via a long e-mail address in a malformed RCPT command, leading to a buffer overflow.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDnovell/groupwise6 versions+5

Patches

Patch: download.novell.comPatch: www.zerodayinitiative.comPatch: download.novell.com

🔴Vulnerability Details

2
GHSA
GHSA-g8mc-vv53-7r46: Off-by-one error in the SMTP daemon in GroupWise Internet Agent (GWIA) in Novell GroupWise 62022-05-02
CVEList
CVE-2009-0410: Off-by-one error in the SMTP daemon in GroupWise Internet Agent (GWIA) in Novell GroupWise 62009-02-03

💥Exploits & PoCs

1
Exploit-DB
Novell Groupwise 8.0 - 'RCPT' Off-by-One2009-02-04
CVE-2009-0410 — Novell Groupwise vulnerability | cvebase