Release date:
Updated on:
Affected Systems:
Novell Groupwise 2012.x
Novell GroupWise Server 8.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 55551
Cve id: CVE-2012-0271
Novell GroupWise Internet Agent provides SMTP communication to other email systems and supports IMAP, POP3, SOAP, and iCalendar access to users' mailboxes.
Novell GroupWise Internet Agent 8.0.2 HP3 has the remote integer overflow vulnerability when copying request data, by sending a special request with the "Content-Length" header value "-1" to TCP port 9850, the heap buffer overflow may occur, attackers can exploit this vulnerability to execute arbitrary malicious code in affected applications.
<* Source: Francis Provencher
Link: http://secunia.com/advisories/50622/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Novell
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://support.novell.com/security-alerts