Novell GroupWise Messenger Client '.nmx' File Stack-Based Buffer Overflow Vulnerability
BID:52062
Info
Novell GroupWise Messenger Client '.nmx' File Stack-Based Buffer Overflow Vulnerability
| Bugtraq ID: | 52062 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 17 2012 12:00AM |
| Updated: | Feb 17 2012 12:00AM |
| Credit: | Luigi Auriemma |
| Vulnerable: |
Novell GroupWise Messenger 2.1 Novell GroupWise Messenger 2.0.3 Novell GroupWise Messenger 2.0 |
| Not Vulnerable: | |
Discussion
Novell GroupWise Messenger Client '.nmx' File Stack-Based Buffer Overflow Vulnerability
Novell GroupWise Messenger client is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker could exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
Novell GroupWise Messenger versions 2.1.0 and prior are vulnerable; other versions may also be affected.
Novell GroupWise Messenger client is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker could exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
Novell GroupWise Messenger versions 2.1.0 and prior are vulnerable; other versions may also be affected.
Exploit / POC
Novell GroupWise Messenger Client '.nmx' File Stack-Based Buffer Overflow Vulnerability
The following proof of concept is available:
The following proof of concept is available:
Solution / Fix
Novell GroupWise Messenger Client '.nmx' File Stack-Based Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Novell GroupWise Messenger Client '.nmx' File Stack-Based Buffer Overflow Vulnerability
References:
References:
- Novell GroupWise Homepage (Novell)
- Novell GroupWise Messenger client unicode stack overflow (Luigi Auriemma)