CVE-2010-4325

Related Files

iDefense Security Advisory 09.26.11 - Novell Groupwise Heap Overflow

Posted Sep 28, 2011

Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 09.26.11 - Remote exploitation of a heap overflow vulnerability in Novell Inc.'s GroupWise could allow an attacker to execute arbitrary code with the privileges of the affected service. This vulnerability is present in the calendar processing code, which resides within the GroupWise Internet Agent (GWIA) process. The vulnerability occurs when parsing a malformed calendar recurrence (RRULE) that recurs on weekdays. A heap based buffer overflow can be triggered due to the lack of checks to ensure that there is enough space in the buffer to hold all of the RRULE entry data. Novell GroupWise 8.0x up to (and including) 8.02HP2 are vulnerable.

tags | advisory, remote, overflow, arbitrary

advisories | CVE-2010-4325

SHA-256 | 74cad0c15a570d196b3c7330c61160de1f4e97c9b98ebe52b30ebecc7523282c

Download | Favorite | View

Novell GroupWise VCALENDAR TZID Variable Remote Buffer Overflow

Posted Jan 28, 2011

Authored by Sebastien Renaud | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Novell GroupWise. The vulnerability is caused by a buffer overflow error in the "gwwww1.dll" module when processing the "TZID" variable within VCALENDAR data, which could be exploited by remote unauthenticated attackers to execute arbitrary code with SYSTEM privileges. Novell GroupWise versions 8.02 HP 1 (Hot Patch 1) and prior are affected.

tags | advisory, remote, overflow, arbitrary

advisories | CVE-2010-4325

SHA-256 | 557a0d52962a3aa35a46283e0d6a0cfda538de61310dc2fbd2a456f7e11679c3

Download | Favorite | View

Zero Day Initiative Advisory 11-027

Posted Jan 26, 2011

Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-027 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gwwww1.dll module responsible for parsing VCALENDAR data within e-mail messages. When the code encounters a TZID variable it allocates up to 0xFFFF bytes for the variable's value. It then proceeds to copy the value into the fixed-length buffer without checking if it will fit. By specifying a large enough string in the e-mail, an attacker can overflow the buffer and execute arbitrary code under the context of the SYSTEM user.

tags | advisory, remote, overflow, arbitrary

advisories | CVE-2010-4325

SHA-256 | bfadedf31fca2f8d915a1dbc199f76796203e866613a9de193c5458c5eaff791

Download | Favorite | View