Novell GroupWise Multiple Vulnerabilities
RISK: Medium Risk
Multiple vulnerabilities have been identified in Novell GroupWise, which could be exploited by remote attackers to bypass security restrictions, conduct phishing attacks, cause a denial of service or compromise a vulnerable system.
1. A buffer overflow error in the Novell GroupWise Internet Agent (GWIA) when processing specially crafted email addresses via SMTP, which could be exploited by remote unauthenticated attackers to execute arbitrary code with SYSTEM privileges.
2. A buffer overflow error in the Novell GroupWise Internet Agent (GWIA) when processing certain SMTP requests, which could be exploited by remote unauthenticated attackers to execute arbitrary code with SYSTEM privileges.
3. An input validation error in GroupWise WebAccess, which could allow attackers to use JavaScript to deface the login page, preventing users from logging in to WebAccess.
4. An error in the way GroupWise WebAccess blocks scripting, which could be exploited by attackers to gain access to an authenticated user's mailbox and forward data or requests to a malicious site.
5. An error within the session management mechanisms in GroupWise WebAccess, which could allow an attacker to gain access to an authenticated user's account.
6. An input validation error in GroupWise WebAccess within the handling of style expressions, which could be exploited by attackers to redirect a user and/or forward data or requests to a malicious site via a specially crafted message with an HTML file.
System / Technologies affected
- Novell GroupWise version 7.03 HP2 and prior
- Novell GroupWise version 8.0.0 HP1 and prior
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
Apply Novell GroupWise 7.03 Hot Patch 3 (HP3) and GroupWise 8.0 Hot Patch 2 (HP2) or later.
Vulnerability Identifier
Source