PT-2011-1499 · Novell · Novell Groupwise

Published

2011-01-26

Updated

2018-10-10

CVE-2010-4325

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Novell GroupWise versions prior to 8.02HP2

Description The issue is related to a buffer overflow in the gwwww1.dll component of the GroupWise Internet Agent (GWIA) in Novell GroupWise. This can be exploited by remote attackers to execute arbitrary code via a crafted TZID variable in a VCALENDAR message.

Recommendations For versions prior to 8.02HP2, update to version 8.02HP2 or later to resolve the issue. As a temporary workaround, consider restricting the processing of VCALENDAR messages with crafted TZID variables until a patch is applied. Avoid using the TZID variable in VCALENDAR messages until the issue is resolved.

Fix

RCE

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2010-4325

ZDI-11-027

ZDI-11-285

Affected Products

Novell Groupwise

PT-2011-1499 · Novell · Novell Groupwise

CVE-2010-4325

Weakness Enumeration

Related Identifiers

Affected Products

References · 16