You are here

U-261: Novell GroupWise Internet Agent "Content-Length" Integer Overflow Vulnerability

September 17, 2012 - 6:00am

Addthis

PROBLEM:

Novell GroupWise Internet Agent "Content-Length" Integer Overflow Vulnerability

PLATFORM:

The vulnerability is confirmed in version 8.0.2 HP3 and reported in version 2012. Other versions may also be affected.

ABSTRACT:

A vulnerability was reported in Novell GroupWise Internet Agent

reference LINKS:

Novell
SecurityTracker Alert ID:  1027536
Secunia Advisory SA50622
CVE-2012-0271

IMPACT ASSESSMENT:

Medium

Discussion:

A remote user can send a specially crafted request with the HTTP 'Content-Length' header value of '-1' to the administration interface via TCP port 9850 to trigger an integer overflow and execute arbitrary code on the target system. The code will run with the privileges of the target service.

Impact:

A remote user can execute arbitrary code on the target system.

Solution:

No solution was available at the time of this entry.

Addthis