Integer overflow in GroupWise client.

  • 10098814
  • NOVL103370
  • 06-Sep-2005
  • 07-Sep-2005

Archived Content: This information is no longer maintained and is provided 'as is' for your convenience.


Novell GroupWise 6.5


Integer overflow in GroupWise client.




There was a potential integer overflow in the GroupWise registry parsing code.  By altering the value of certain keys, it was possible to create a integer overflow that could potentially be exploited.  This vulnerability has been fixed in GroupWise 6.5.  The fix is available in any version of the GroupWise 6.5 client dated after 8/10/2005.  Note that the shipping version of GroupWise 7 does not have this vulnerability.

Novell acknowledges Francisco Amato of Infobyte Security Research for his help in identifying this vulnerability. 


Updated GroupWise clients are available here.

 Please note that this link only contains field-test file clients.  This fix will be included in SP5 for GroupWise 6.5.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.