en

‫ Novell GroupWise Client Address Book Processing Buffer Overflow Vulnerability

IRCAD2012031759
ID: IRCAD2012031759
Release Date: 2012-03-01
Criticality level: Highly critical
 
Software:
Novell GroupWise Client 8.x
Novell GroupWise Server 8.x
 
Description:
Protek Research Labs has reported a vulnerability in Novell GroupWise Client, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error when processing Novell Address Book (".nab") files and can be exploited to cause a heap-based buffer overflow via an overly long email address.
Successful exploitation may allow execution of arbitrary code, but requires tricking a user into opening a malicious file.
The vulnerability is reported in versions 8.0 through 8.02 HP3.
 
Solution
Update to version 8.02 post-HP3 FTF.
 
References:
Novell:
Protek Research Labs:
 
Secunia:
 
 

The Wall

No comments
You need to sign in to comment