Check Point Advisories

Preemptive Protection against Novell GroupWise Internet Agent IMAP Service Stack Buffer Overflow

Check Point Reference: CPAI-2010-157
Date Published: 18 Nov 2010
Severity: Critical
Last Updated: Friday 01 January, 2010
Source: Secunia Advisory SA40622
Protection Provided by:
Who is Vulnerable? Novell Groupwise 7.0 Novell Groupwise 7.01 Novell Groupwise 7.02 Novell Groupwise 7.03x Novell Groupwise 7.04 Novell Groupwise 8.0 Novell Groupwise 8.01x
Vulnerability Description
A buffer overflow vulnerability exists in Novell GroupWise Internet Agent. Novell GroupWise Internet Agent is a component of Novell GroupWise and provides email services, supporting SMTP, POP, and IMAP protocols. The vulnerability resides in the IMAP component of the GroupWise Internet Agent service. An attacker could exploit this vulnerability by sending a crafted message to the server, potentially resulting in a denial of service condition on the affected service. 
Update/Patch Avaliable
The vendor, Novell, has released an advisory addressing this vulnerability. 
Vulnerability Details
The vulnerability is due to a boundary error in the IMAP functionality of the GroupWise Internet Agent (GWIA.exe) service, triggerred when handling provided mailbox name for the CREATE command. 

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK