Vulnerability Details : CVE-2006-0992

Stack-based buffer overflow in Novell GroupWise Messenger before 2.0 Public Beta 2 allows remote attackers to execute arbitrary code via a long Accept-Language value without a comma or semicolon. NOTE: due to a typo, the original ZDI advisory accidentally referenced CVE-2006-0092. This is the correct identifier.
Publish Date : 2006-04-14 Last Update Date : 2017-10-10

Collapse All Expand All Select Select&Copy	Scroll To Vendor Statements(0) Additional Vendor Data(0) OVAL Definitions(0) Vulnerable Products(0) # Of Vulns By Products References(0) Metasploit Modules(0)	Comments View User Comments Add Comment	External Links Secunia Advisories XForce Advisories Vulnerability Details at NVD Vulnerability Details at Mitre Nessus Plugins Linux Kernel Git Repository First CVSS Guide
Search Twitter Search YouTube Search Google

- CVSS Scores & Vulnerability Types

CVSS Score	10.0
Confidentiality Impact	Complete (There is total information disclosure, resulting in all system files being revealed.)
Integrity Impact	Complete (There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.)
Availability Impact	Complete (There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.)
Access Complexity	Low (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. )
Authentication	Not required (Authentication is not required to exploit the vulnerability.)
Gained Access	Admin
Vulnerability Type(s)	Execute CodeOverflow
CWE ID	CWE id is not defined for this vulnerability

- Products Affected By CVE-2006-0992

#	Product Type	Vendor	Product	Version	Update	Edition	Language
1	Application	Novell	Groupwise Messenger	2.0				Version Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor	Product	Vulnerable Versions
Novell	Groupwise Messenger	1

- References For CVE-2006-0992

https://www.exploit-db.com/exploits/1679
EXPLOIT-DB 1679

http://cirt.dk/advisories/cirt-42-advisory.txt

https://exchange.xforce.ibmcloud.com/vulnerabilities/25828
XF groupwise-accept-language-bo(25828)

http://www.vupen.com/english/advisories/2006/1355
VUPEN ADV-2006-1355

http://www.zerodayinitiative.com/advisories/ZDI-06-008.html

http://www.securityfocus.com/bid/17503
BID 17503 Novell GroupWise Messenger Accept Language Remote Buffer Overflow Vulnerability Release Date:2007-11-02

http://www.securityfocus.com/archive/1/archive/1/430911/100/0/threaded
BUGTRAQ 20060413 ZDI-06-008: Novell GroupWise Messenger Accept-Language Buffer Overflow

http://support.novell.com/cgi-bin/search/searchtid.cgi?10100861.htm CONFIRM

http://securitytracker.com/id?1015911
SECTRACK 1015911

http://metasploit.blogspot.com/2006/04/exploit-development-groupwise_14.html

- Metasploit Modules Related To CVE-2006-0992

Novell Messenger Server 2.0 Accept-Language Overflow

This module exploits a stack buffer overflow in Novell GroupWise Messenger Server v2.0. This flaw is triggered by any HTTP request with an Accept-Language header greater than 16 bytes. To overwrite the return address on the stack, we must first pass a memcpy() operation that uses pointers we supply. Due to the large list of restricted characters and the limitations of the current encoder modules, very few payloads are usable.
Module type : exploit Rank : average Platforms : Windows