| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.6 | $0-$5k | 0.00 |
Summary
A vulnerability described as critical has been identified in Novell GroupWise 7.0. Affected by this vulnerability is an unknown functionality of the component Base64 Decoder. The manipulation results in stack-based overflow. This vulnerability is identified as CVE-2007-2171. Additionally, an exploit exists. Upgrading the affected component is recommended.
Details
A vulnerability classified as critical was found in Novell GroupWise 7.0 (Groupware Software). Affected is an unknown code block of the component Base64 Decoder. Manipulation with an unknown input leads to a stack-based overflow. CWE classifies the issue as CWE-121: a stack-based buffer overflow is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). This impacts confidentiality, integrity, and availability. CVE summarizes:
Stack-based buffer overflow in the base64_decode function in GWINTER.exe in Novell GroupWise (GW) WebAccess before 7.0 SP2 allows remote attackers to execute arbitrary code via long base64 content in an HTTP Basic Authentication request.
The bug was discovered on 04/18/2007. The weakness was published on 04/19/2007 by Tenable Network Security (website). The advisory is available for download at zerodayinitiative.com. This vulnerability has been tracked as CVE-2007-2171 since 04/22/2007. The attack can be launched remotely, and exploitation does not require any form of authentication. Technical details are unknown, but an exploit is available.
The exploit is available for download at saintcorporation.com. It is declared as proof-of-concept. As a 0-day, the estimated underground price was around $25k-$100k. The vulnerability scanner Nessus provides a plugin with the ID 25084 (Novell Groupwise WebAccess GWINTER.EXE Base64 Decoding Remote Overflow), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Gain a shell remotely and runs in the context r.
Upgrading eliminates this vulnerability, and applying a patch also resolves the problem. The bugfix is available for download at download.novell.com. The best possible mitigation is upgrading to the latest version. A possible mitigation was published before, and not just after, the disclosure of the vulnerability. Attack attempts may be identified with Snort ID 10998, which uses the pattern Authorization for detection. It is also possible to detect and prevent this kind of attack with TippingPoint and the filter 5295, which is assigned to the category Vulnerabilities.
The vulnerability is also documented in the databases at X-Force (33744), Tenable (25084), SecurityFocus (BID 23556†), OSVDB (35018†) and Secunia (SA24944†). Once again VulDB remains the best source for vulnerability data.
Product
Website
- Vendor: https://www.novell.com/
CVSSv3
VulDB Meta Base Score: 7.3
VulDB Meta Temp Score: 6.6
VulDB Base Score: 7.3
VulDB Temp Score: 6.6
Exploiting
Class: Stack-based overflow
CWE: CWE-121 / CWE-119
Physical: No
Local: No
Remote: Yes
Status: Proof-of-Concept
Nessus ID: 25084
Nessus Name: Novell Groupwise WebAccess GWINTER.EXE Base64 Decoding Remote Overflow
Saint ID: exploit_info/groupwise_webaccess_base64_decode
Saint Name: Novell GroupWise WebAccess base64_decode buffer overflow
Countermeasures
Recommended: Upgrade
Patch: download.novell.com
Snort ID: 10998
Snort Message: EXPLOIT Novell GroupWise WebAccess authentication overflow
Timeline
04/16/2007
04/18/2007
04/18/2007
04/18/2007
04/18/2007
04/19/2007
04/19/2007
04/19/2007
04/22/2007
04/23/2007
04/24/2007
04/27/2007
04/29/2007
07/18/2019
Sources
Vendor: novell.com
Advisory: zerodayinitiative.com
Researcher: Tenable Network Security
Organization: Tenable Network Security
Status: Confirmed
CVE: CVE-2007-2171
GCVE (CVE): GCVE-0-2007-2171
GCVE (VulDB): GCVE-100-3036
X-Force: 33744
SecurityFocus: 23556 - Novell Groupwise WebAccess GWINTER.EXE Remote Buffer Overflow Vulnerability
Secunia: 24944
OSVDB: 35018 - Novell GroupWise WebAccess GWINTER.exe Basic Authentication Base64 Decoding Overflow
SecurityTracker: 1017932
Vulnerability Center: 14964 - Novell GroupWise WebAccess 7.0 and 7.0 SP1 Remote Code Execution, High
Vupen: ADV-2007-1455
Entry
Created: 04/27/2007 19:37
Updated: 07/18/2019 15:13
Changes: 04/27/2007 19:37 (104), 07/18/2019 15:13 (1)