Novell GroupWise Internet Agent Integer Overflow Vulnerability

Last Update Date: 17 Sep 2012 10:06 Release Date: 17 Sep 2012 4667 Views

RISK: Medium Risk

Medium Risk

TYPE: Servers - Other Servers

TYPE: Other Servers

A vulnerability has been identified in Novell GroupWise Internet Agent. A remote user can execute arbitrary code on the target system.

 

A remote user can send a specially crafted request with the HTTP 'Content-Length' header value of '-1' to the administration interface via TCP port 9850 to trigger an integer overflow and execute arbitrary code on the target system. The code will run with the privileges of the target service.

 

Note: Vendor patch is not available.

Impact

  • Remote Code Execution

System / Technologies affected

  • 8.0.2 HP3 and earlier versions

Solutions

  •  Note: Vendor patch is not available.

Vulnerability Identifier

Source

Related Link

Share with

Previous

IBM AIX NFSv4 GID Enforcement Vulnerability

17 Sep 2012 4767 Views

Next

Windows Phone Certificate Validation Vulnerability

19 Sep 2012 4859 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY