CVE-2006-4511
Novell GroupWise Messenger 1.0.6 and 2.0.2 - Denial of Service via Crafted HTTP POST Request
Title source: llmDescription
Messenger Agents (nmma.exe) in Novell GroupWise 2.0.2 and 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted HTTP POST request to TCP port 8300 with a modified val parameter, which triggers a null dereference related to "zero-size strings in blowfish routines."
References (8)
Core 8
Core References
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3893
Patch, Vendor Advisory third-party-advisory
x_refsource_idefense
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=416
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1016974
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/20316
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/22244
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/796956
Patch x_refsource_confirm
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974452.htm
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/29319
Scores
EPSS
0.0545
EPSS Percentile
90.3%
Details
Status
published
Products (2)
novell/groupwise_messenger
1.0.6
novell/groupwise_messenger
2.0.2
Published
Oct 05, 2006
Tracked Since
Feb 18, 2026