Novell GroupWise Client ofview File Parsing Overflow

2005-07-27T05:38:02
ID OSVDB:18298
Type osvdb
Reporter Francisco Amato(famato@infobyte.com.ar)
Modified 2005-07-27T05:38:02

Description

Vulnerability Description

Novell GroupWise Client contains a flaw that may allow a malicious user, if he has gained access to the post office directory, to create a buffer overflow on a client that attempted to log into the compromised post office. The issue is triggered when parsing the file containing the labels of different views. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.

Technical Description

Successful exploitation requires permissions to modify the GWVW02??.INI files, which is normally restricted to administrative users.

Solution Description

Upgrade to version 6.5 (dated after 7/15/2005) or 6.5 SP5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Novell GroupWise Client contains a flaw that may allow a malicious user, if he has gained access to the post office directory, to create a buffer overflow on a client that attempted to log into the compromised post office. The issue is triggered when parsing the file containing the labels of different views. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.

References:

Vendor Specific Advisory URL Security Tracker: 1014565 Secunia Advisory ID:16227 Other Advisory URL: http://www.infobyte.com.ar/adv/ISR-12.html Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-07/0590.html Keyword: TID10098314 CVE-2005-2346 Bugtraq ID: 14398