Novell GroupWise Messenger 'createsearch' Command Remote Memory Corruption Vulnerability

Bugtraq ID:	52052
Class:	Unknown
CVE:
Remote:	Yes
Local:	No
Published:	Feb 16 2012 12:00AM
Updated:	Feb 16 2012 12:00AM
Credit:	Luigi Auriemma
Vulnerable:	Novell GroupWise Messenger 2.1 Novell GroupWise Messenger 2.0.3 HP1 Novell GroupWise Messenger 2.0.3 Novell GroupWise Messenger 2.0
Not Vulnerable:

Novell GroupWise Messenger 'createsearch' Command Remote Memory Corruption Vulnerability

Novell GroupWise Messenger is prone to a remote memory-corruption vulnerability.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Due to the nature of this issue, arbitrary code execution may be possible; however, this has not been confirmed.

Novell GroupWise Messenger versions 2.1.0 and prior are vulnerable.

Novell GroupWise Messenger 'createsearch' Command Remote Memory Corruption Vulnerability

The following exploit is available:

• /data/vulnerabilities/exploits/52052.zip

Novell GroupWise Messenger 'createsearch' Command Remote Memory Corruption Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

Novell GroupWise Messenger 'createsearch' Command Remote Memory Corruption Vulnerability

References:

• Arbitrary memory corruption in Novell GroupWise Messenger 2.1.0 (Aluigi)
  
• GroupWise Messenger (Novell)
  
• Novell GroupWise Messenger Homepage (Novell)