Check Point Reference: | CPAI-2010-159 |
Date Published: | 30 Nov 2010 |
Severity: | Critical |
Last Updated: | Friday 01 January, 2010 |
Source: | Secunia Advisory SA40820 |
Protection Provided by: | |
Who is Vulnerable? | Novell Groupwise 8.02 Novell Groupwise 8.01X Novell Groupwise 8.0x |
Vulnerability Description | A remote code execution vulnerability exists in Novell GroupWise Internet Agent (GWIA). Novell GroupWise Internet Agent is a component of Novell GroupWise and provides email services, supporting SMTP, POP, and IMAP protocols. The vulnerability is due to a buffer overflow when parsing a RRULE variable inside a crafted email message. A remote attacker could exploit this vulnerability by sending a malicious email to the target system. |
Update/Patch Avaliable | Novell has released an advsiory to address this vulnerability. |
Vulnerability Details | The vulnerability exists in the parsing of VCALENDAR data when processing a RRULE variable. This can be exploited to cause a buffer overflow via a specially crafted e-mail message. |