Skip to main content

Novell GroupWise Internet Agent Integer Overflow Vulnerability

Last Update Date: 17 Sep 2012 10:06 Release Date: 17 Sep 2012 4820 Views

RISK: Medium Risk

TYPE: Servers - Other Servers

TYPE: Other Servers

A vulnerability has been identified in Novell GroupWise Internet Agent. A remote user can execute arbitrary code on the target system.

 

A remote user can send a specially crafted request with the HTTP 'Content-Length' header value of '-1' to the administration interface via TCP port 9850 to trigger an integer overflow and execute arbitrary code on the target system. The code will run with the privileges of the target service.

 

Note: Vendor patch is not available.


Impact

  • Remote Code Execution

System / Technologies affected

  • 8.0.2 HP3 and earlier versions

Solutions

  •  Note: Vendor patch is not available.

Vulnerability Identifier


Source


Related Link