Environment
Novell GroupWise 7
Novell GroupWise 8
Novell GroupWise WebAccess
Novell GroupWise 8
Novell GroupWise WebAccess
Situation
The user Proxy feature of Novell GroupWise WebAccess is vulnerable to a stack overflow exploit whereby an authenticated user could potentially trigger a stack overflow and execute arbitrary code.
Affected versions:
GroupWise 7.0, 7.01, 7.02, 7.03x, 7.04
GroupWise 8.0, 8.01x
This vulnerability was discovered and reported by Francis Provencher - Protek Research Labs (http://www.protekresearchlab.com/)
Novell bug 612774, CVE-2010-2782
Affected versions:
GroupWise 7.0, 7.01, 7.02, 7.03x, 7.04
GroupWise 8.0, 8.01x
This vulnerability was discovered and reported by Francis Provencher - Protek Research Labs (http://www.protekresearchlab.com/)
Novell bug 612774, CVE-2010-2782
Resolution
For GroupWise 8, update to Support Pack 2 (SP2) or later.
For GroupWise 7 systems, apply the GroupWise 7.0 post-SP4 Field Test File (FTF)
For GroupWise 7 systems, apply the GroupWise 7.0 post-SP4 Field Test File (FTF)
Status
Security AlertBug Number
612774