CVE-2010-4711

Severity

99%

Complexity

99%

Confidentiality

165%

Double free vulnerability in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a large parameter in a LIST command.

Double free vulnerability in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a large parameter in a LIST command.

CVSS 2.0 Base Score 9.9. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).

Overview

First reported 14 years ago

2011-01-31 20:00:00

Last updated 13 years ago

2011-04-26 20:54:00

Affected Software

Novell Groupwise 5.2

5.2

Novell Groupwise 5.5

5.5

Novell Groupwise 5.57e

5.57e

Novell Groupwise 6.0

6.0

Novell Groupwise 6.0.1 Service Pack 1

6.0.1

Novell Groupwise 6.5

6.5

Novell Groupwise 6.5 SP1

6.5

Novell Groupwise 6.5 SP2

6.5

Novell Groupwise 6.5 SP3

6.5

Novell Groupwise 6.5 SP4

6.5

Novell Groupwise 6.5 SP5

6.5

Novell Groupwise 6.5 SP6

6.5

Novell Groupwise 6.5.2

6.5.2

Novell Groupwise 6.5.3

6.5.3

Novell Groupwise 6.5.4

6.5.4

Novell Groupwise 6.5.6

6.5.6

Novell Groupwise 6.5.7

6.5.7

Novell Groupwise 7.0

7.0

Novell Groupwise 7.0.4

7.0.4

Novell Groupwise 8.0

8.0

Novell Groupwise

References

http://www.facebook.com/note.php?note_id=477865030928

http://www.novell.com/support/viewContent.do?externalId=7007151&sliceId=1

Vendor Advisory

http://zerodayinitiative.com/advisories/ZDI-10-242/

https://bugzilla.novell.com/show_bug.cgi?id=647519

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.