Integer overflow in GroupWise client.

  • 10098814
  • NOVL103370
  • 06-Sep-2005
  • 07-Sep-2005

Archived Content: This information is no longer maintained and is provided 'as is' for your convenience.

Fact

Novell GroupWise 6.5

Symptom

Integer overflow in GroupWise client.

Fact

CAN-2005-2804

Note

There was a potential integer overflow in the GroupWise registry parsing code.  By altering the value of certain keys, it was possible to create a integer overflow that could potentially be exploited.  This vulnerability has been fixed in GroupWise 6.5.  The fix is available in any version of the GroupWise 6.5 client dated after 8/10/2005.  Note that the shipping version of GroupWise 7 does not have this vulnerability.

Novell acknowledges Francisco Amato of Infobyte Security Research for his help in identifying this vulnerability. 

Fix

Updated GroupWise clients are available here.  

https://support.novell.com/filefinder/16963/beta.html

 Please note that this link only contains field-test file clients.  This fix will be included in SP5 for GroupWise 6.5.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.