GroupWise Messenger 2.0 Accept Language Buffer Overflow

  • 10100861N
  • NOVL105592
  • 04-Apr-2006
  • 18-Apr-2006

Archived Content: This information is no longer maintained and is provided 'as is' for your convenience.


Novell GroupWise Messenger 2.0


GroupWise Messenger 2.0 Accept Language Buffer Overflow

If the "accept-language" token is greater than 16 characters without any commas or semicolons, a stack overflow will result.


Vulnerability discovered by TippingPoint Zero Day Initiative.

This vulnerability has been assigned the identifier CVE-CAN-0992  by the CVE database.


The fix is now available with GroupWise Messenger 2.0 Public Beta 2 available from via the GroupWise 7 Support Pack 1 Beta 2.  This fix will also be included in the shipping release of Messenger 2.0 SP1 tentatively scheduled for the end of May 2006.

The Messenger Agent needs to be patched.  The Messenger Client can be updated later, but is not required.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.