Novell GroupWise HTML Email Buffer Overflow
James.Taylor at eastcobbgroup.com
Thu Dec 27 04:17:13 UTC 2007
This looks interesting.
I don't recall Novell ever "silently" patching anything in GroupWise.
(8) HIGH: Novell GroupWise HTML Email Buffer Overflow
Novell GroupWise versions 6.5.6 and prior
Description: Novell GroupWise is Novell's enterprise groupware solution.
GroupWise contains a flaw in its handling of email with embedded HTML.
A specially crafted email message containing an overlong __src__
parameter to an __<img>__ tag could trigger a buffer overflow
vulnerability. Successfully exploiting this vulnerability would allow
an attacker to execute arbitrary code with the privileges of the current
user. Full technical details and multiple proofs-of-concept are publicly
available for this vulnerability. This vulnerability is exploitable only
if the user has the __HTML Preview__ option enabled and responds to or
forwards a malicious email; simply reading a malicious message is
insufficient to exploit this vulnerability.
Status: According to reports, Novell has silently patched this vulnerability.
Infobyte Security Research Advisory
Secunia Security Advisory
Product Home Page
The East Cobb Group, Inc.
james.taylor at eastcobbgroup.com
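
A mail-gateway check for the condition the quoted advisory describes (an HTML part whose `<img>` tag carries an overlong `src`), added here as an example; it is not part of the original post or the advisory. The `MAX_SRC_LEN` threshold, the function names and the sample message are assumptions, since the advisory states no length.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser

MAX_SRC_LEN = 2048  # assumed threshold; the advisory does not state a length


class ImgSrcScanner(HTMLParser):
    """Record the length of every src attribute seen on an <img> tag."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.src_lengths = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names; <img .../> also lands here.
        if tag == "img":
            self.src_lengths += [len(v) for k, v in attrs if k == "src" and v]


def overlong_img_sources(raw_message: bytes, limit: int = MAX_SRC_LEN) -> list:
    """Return the lengths of all <img src> values above limit in HTML parts."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        try:
            html = part.get_content()  # undoes base64 / quoted-printable
        except (LookupError, UnicodeError):  # unknown or broken charset label
            html = (part.get_payload(decode=True) or b"").decode("latin-1")
        scanner = ImgSrcScanner()
        scanner.feed(html)
        scanner.close()
        hits += [n for n in scanner.src_lengths if n > limit]
    return hits


def sample_message(src_len: int) -> bytes:
    """Constructed message whose src is example.com plus filler, for testing."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.com", "user@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("plain text alternative")
    src = "http://example.com/" + "A" * src_len
    m.add_alternative(f'<html><body><img src="{src}"></body></html>', subtype="html")
    return m.as_bytes()
```

A non-empty return value marks a message to quarantine or strip before it reaches a client with HTML Preview enabled.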