CVE-2006-4511

Name of the Vulnerable Software and Affected Versions Novell GroupWise versions 1.0.6 and 2.0.2

Description The issue allows remote attackers to cause a denial of service, resulting in a crash, by sending a crafted HTTP POST request to TCP port 8300. This request includes a modified val parameter, which triggers a null dereference related to zero-size strings in blowfish routines.

Recommendations For Novell GroupWise version 1.0.6, update to a version that fixes the null dereference issue. For Novell GroupWise version 2.0.2, update to a version that fixes the null dereference issue. As a temporary workaround, consider restricting access to TCP port 8300 to minimize the risk of exploitation.