Response to reported security vulnerability SecurityFocus Bugtraq ID: 28969

  • 7000314
  • 02-May-2008
  • 26-Apr-2012


Novell GroupWise 7.0


On 28 April, 2008, a possible security vulnerability (Bugtraq ID: 28969) was reported to the SecurityFocus web site entitled "Novell GroupWise 'mailto' URI Handler Buffer Overflow Vulnerability". The web site originally listed GroupWise 7.0 and GroupWise 7 SP1, SP2, and SP3 as being affected by the issue.


Novell has tested the problem with GroupWise 7 Support Pack 3, and were not able to duplicate the problem using the information provided by the reporter. In addition, Novell has communicated directly with the reporter, who indicates that he was only able to duplicate the problem on shipping (unpatched) GroupWise 7.0 and did not see the problem after updating to GroupWise 7 Support Pack 1 (SP1).

To resolve this issue, customers running unpatched GroupWise 7.0 should update to at least GroupWise 7 Support Pack 1 (SP1). For the most current security updates and bug fixes, Novell recommends that customers apply GroupWise 7 Support Pack 3 (SP3).


Security Alert