Novell GroupWise vulnerabilities
Created 8/6/02
CVE 2002-1088
Impact
A remote attacker could crash the mail server or possibly
execute arbitrary commands.
Note: The red stoplight on this tutorial
indicates the highest possible severity level for this
vulnerability category. The actual severity level is
indicated by the colored dot beside the link to this
tutorial on the previous page.
Background
GroupWise
is a full-featured collaboration tool for NetWare. It runs
a mail transfer agent supporting the SMTP
protocol.
The Problem
A buffer overflow condition in GroupWise's SMTP
implementation could allow a remote attacker to crash the
service or possibly execute arbitrary commands by sending
a very long RCPT TO: line. GroupWise
6.0.1 and possibly earlier versions are affected by this
vulnerability.
Resolution
Install Support Pack Beta 2 for GroupWise 6.0.1. Support
Packs are available from Novell.
Where can I read more about this?
This vulnerability was posted to Bugtraq.