GroupWise Internet Agent Stack Overflow Security Vulnerability
This document (7006374) is provided subject to the disclaimer at the end of this document.
Environment
Novell GroupWise 7
Novell GroupWise 8
Novell GroupWise Internet Agent
Novell GroupWise 8
Novell GroupWise Internet Agent
Situation
The Novell GroupWise Internet Agent is vulnerable to an exploit whereby an authenticated user could potentially cause a stack overflow, which would allow them to execute arbitrary code.
Affected versions:
GroupWise 7.0, 7.01, 7.02, 7.03x, 7.04
GroupWise 8.0, 8.01x
This vulnerability was discovered and reported by {PRL} Francis Provencher working with TippingPoint's Zero Day Initiative (http://www.zerodayinitiative.com)
Novell bug 597331, ZDI-CAN-673, CVE-2010-2777
Affected versions:
GroupWise 7.0, 7.01, 7.02, 7.03x, 7.04
GroupWise 8.0, 8.01x
This vulnerability was discovered and reported by {PRL} Francis Provencher working with TippingPoint's Zero Day Initiative (http://www.zerodayinitiative.com)
Novell bug 597331, ZDI-CAN-673, CVE-2010-2777
Resolution
For GroupWise 8, update to GroupWise 8.0 Support Pack 2 (SP2) or later.
For GroupWise 7 systems, apply the GroupWise 7.0 post-SP4 Field Test File (FTF)
For GroupWise 7 systems, apply the GroupWise 7.0 post-SP4 Field Test File (FTF)
Status
Security AlertBug Number
597331
Disclaimer
This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:7006374
- Creation Date:30-JUN-10
- Modified Date:27-APR-12
- NovellGroupWise
Did this document solve your problem? Provide Feedback