CVE-2009-0410

Novell GroupWise <8.0 - RCE

Title source: llm

Description

Off-by-one error in the SMTP daemon in GroupWise Internet Agent (GWIA) in Novell GroupWise 6.5x, 7.0, 7.01, 7.02, 7.03, 7.03HP1a, and 8.0 allows remote attackers to execute arbitrary code via a long e-mail address in a malformed RCPT command, leading to a buffer overflow.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Praveen Darshanam · perldoswindows

https://www.exploit-db.com/exploits/7985

View Code ZIP pw:eip

References (6)

[Patch] http://download.novell.com/Download?buildid=GjZRRdqCFW0

[Vendor Advisory] http://secunia.com/advisories/33744

[Vendor Advisory] http://www.novell.com/support/viewContent.do?externalId=7002502

[Patch] http://www.zerodayinitiative.com/advisories/ZDI-09-010/

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/500609/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/33560

Scores

EPSS 0.1943

EPSS Percentile 95.4%

Details

CWE

CWE-119

Status published

Products (6)

novell/groupwise 6.5

novell/groupwise 7.0

novell/groupwise 7.01

novell/groupwise 7.02x

novell/groupwise 7.03 (2 CPE variants)

novell/groupwise 8.0

Published Feb 03, 2009

Tracked Since Feb 18, 2026