Novell GroupWise HTML Email Buffer Overflow

James Taylor James.Taylor at eastcobbgroup.com
Thu Dec 27 04:17:13 UTC 2007


This looks interesting.
I don't recall Novell ever "silently" patching anything in GroupWise.
-jt


(8) HIGH: Novell GroupWise HTML Email Buffer Overflow
Affected:
Novell GroupWise versions 6.5.6 and prior

Description: Novell GroupWise is Novell's enterprise groupware solution.
GroupWise contains a flaw in its handling of email with embedded HTML.
A specially crafted email message containing an overlong __src__
parameter to an __<img>__ tag could trigger a buffer overflow
vulnerability. Successfully exploiting this vulnerability would allow
an attacker to execute arbitrary code with the privileges of the current
user. Full technical details and multiple proofs-of-concept are publicly
available for this vulnerability. This vulnerability is exploitable only
if the user has the __HTML Preview__ option enabled and responds to or
forwards a malicious email; simply reading a malicious message is
insufficient to exploit this vulnerability.

Status: According to reports, Novell has silently patched this vulnerability.

References:
Infobyte Security Research Advisory
http://www.infobyte.com.ar/adv/ISR-16.html
Proofs-of-Concept
http://downloads.securityfocus.com/vulnerabilities/exploits/novell_groupwise.pm
http://downloads.securityfocus.com/vulnerabilities/exploits/novell_groupwise.rb
Secunia Security Advisory
http://secunia.com/advisories/28102/
Product Home Page
http://www.novell.com/products/groupwise/
SecurityFocus BID
http://www.securityfocus.com/bid/26875



James Taylor
The East Cobb Group, Inc.
678-697-9420
james.taylor at eastcobbgroup.com
http://www.eastcobbgroup.com
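
A gateway-side check for the condition the advisory describes (an overlong src value on an <img> tag in an HTML mail part), as an added example that is not part of the original post or the advisory. The 1024-byte threshold and all function names are assumptions; the advisory does not state the triggering length.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser

# Assumed threshold: the advisory does not say what length triggers the overflow.
MAX_SRC_LEN = 1024

class ImgSrcCollector(HTMLParser):
    """Collects the src attribute value of every <img> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):  # also called for <img ... />
        if tag == "img":
            self.sources += [v for k, v in attrs if k == "src" and v]

def overlong_img_sources(raw_message, limit=MAX_SRC_LEN):
    """Return the length of each <img src> longer than limit."""
    findings = []
    for part in message_from_bytes(raw_message, policy=policy.default).walk():
        if part.get_content_type() != "text/html":
            continue
        # Undo base64/quoted-printable, then map bytes 1:1 to characters so an
        # unknown charset cannot raise and len() reflects bytes, not code points.
        html = (part.get_payload(decode=True) or b"").decode("latin-1")
        collector = ImgSrcCollector()
        collector.feed(html)
        collector.close()
        findings += [len(s) for s in collector.sources if len(s) > limit]
    return findings

def build_sample(src_len):
    """Constructed sample: multipart message with one <img> of src_len bytes."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("plain text alternative")
    html = '<html><body><img src="%s"></body></html>' % ("A" * src_len)
    msg.add_alternative(html, subtype="html")
    return msg.as_bytes()

if __name__ == "__main__":
    print(overlong_img_sources(build_sample(5000)))
    print(overlong_img_sources(build_sample(40)))
```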
















