CVE-2011-0333

Related Files

iDefense Security Advisory 09.26.11 - Novell Heap Overflow

Posted Sep 28, 2011

Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 09.26.11 - Remote exploitation of a heap overflow vulnerability in Novell Inc.'s GroupWise could allow an attacker to execute arbitrary code with the privileges of the affected service. This vulnerability is present in the calendar processing code, which resides within the GroupWise Internet Agent (GWIA) process. The vulnerability occurs when parsing a malformed time zone description field (TZNAME). A heap based buffer overflow can be triggered by supplying an excessively long string when copying the time zone name. Novell GroupWise 8.0x up to (and including) 8.02HP2 are vulnerable.

tags | advisory, remote, overflow, arbitrary

advisories | CVE-2011-0333

SHA-256 | e41ab71e11203562d3548c254ffc04693eed7151c500e97d4f2b72313daa62d2

Download | Favorite | View

Novell GroupWise Internet Agent TZNAME Parsing

Posted Sep 27, 2011

Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in Novell GroupWise, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by an integer truncation error in NgwiCalVTimeZoneBody::ParseSelf() within gwwww1.dll when GroupWise Internet Agent parses "TZNAME" variables in VCALENDAR data. This can be exploited to cause a heap-based buffer overflow via a specially crafted e-mail containing an overly long "TZNAME" property value. Successful exploitation may allow execution of arbitrary code.

tags | advisory, overflow, arbitrary

advisories | CVE-2011-0333

SHA-256 | 098e587acb10c0083b88ba844ed01cfbf1ec6d61bdeb69e7e6a4f2b9e4413126

Download | Favorite | View