Denial of Service Vulnerability in Novell GroupWise Messenger Agent
CVE-2006-4511

Currently unrated

Key Information:

Vendor: Novell
Status: Groupwise Messenger
Vendor: CVE Published:; 5 October 2006

Summary

The Novell GroupWise Messenger Agent, specifically versions 2.0.2 and 1.0.6, is susceptible to a denial of service attack that can be triggered through a specially crafted HTTP POST request directed at TCP port 8300. This request contains a manipulated 'val' parameter that leads to a null dereference, resulting in a crash of the nmma.exe process. Attackers can exploit this vulnerability to disrupt service availability by causing a crash of the messaging agent, impacting user communications and operations.

References

http://www.vupen.com/english/advisories/2006/3893

vdb-entryx_refsource_VUPEN

http://www.idefense.com/intelligence/vulnerabilities/disp...

third-party-advisoryx_refsource_IDEFENSE

http://securitytracker.com/id?1016974

vdb-entryx_refsource_SECTRACK

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 5, 2006
Vulnerability Reserved
Aug 31, 2006