Check Point Advisories

Preemptive Protection against Novell GroupWise Internet Agent IMAP Service Stack Buffer Overflow

Check Point Reference: CPAI-2010-145
Date Published: 24 Aug 2010
Severity: Critical
Last Updated: Friday 01 January, 2010
Source: Secunia Advisory SA40622
Industry Reference:

N/A

Protection Provided by:
Who is Vulnerable? Novell Groupwise 7.0
Novell Groupwise 7.01
Novell Groupwise 7.02
Novell Groupwise 7.03x
Novell Groupwise 7.04
Novell Groupwise 8.0
Novell Groupwise 8.01x
Vulnerability Description A buffer overflow vulnerability exists in Novell GroupWise Internet Agent, a client-server collaborative software and email system provided by Novell. The vulnerability is within the IMAP component of the GroupWise Internet Agent service and is due to a boundary error while handling provided mailbox name for the CREATE command.
Update/Patch AvaliableVendor's advisory.
Vulnerability DetailsThe vulnerability is due to a boundary error in the IMAP functionality of the GroupWise Internet Agent (GWIA.exe) service. Remote authenticated attackers could exploit the vulnerability by sending a crafted CREATE command with an overly long mailbox name.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK