Re: NMRC Advisory - GroupWise Buffer Overflow

From: Randy Richardson (randy@INTER-CORPORATE.COM)
Date: Fri Sep 25 1998 - 21:44:45 PDT

Next message: Kragen: "Re: tar "features""

Previous message: Nathan Neulinger: "Re: Globetrotter FlexLM 'lmdown' bogosity"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[Snip]
> Synopsis
> --------
>
> A remote buffer overflow condition exists in Novell Groupwise Internet
> Gateway that permits DoS attacks and possible execution of malicious code.
> The overflow happens in the string parsing of the USER command in the POP3
> daemon, and in the command parsing of the LDAP daemon.
>
> Tested configuration
> --------------------
>
> The bug was tested with the following configuration :
>
> Novell Intranetware
> Intranetware Service Pack 5
> TCP/IP TCPN05 patch
> Novell BorderManager 2.1.0
> BorderManager Service pack 2.0D
> GroupWise 5.2
> GroupWise Service pack 3
>
> Bug(s) report
> -------------
[Snip]

        Does this bug also exist in GroupWise 5.5?

Randy Richardson - randy@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Vancouver, British Columbia, Canada
http://www.inter-corporate.com/

"Where do YOU want to Authenticate today?"

Next message: Kragen: "Re: tar "features""
Previous message: Nathan Neulinger: "Re: Globetrotter FlexLM 'lmdown' bogosity"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:17:48 PDT