 |
|
|
|
| Novell Groupwise multiple security vulnerabilities | | Published: |  | 02.10.2011 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 11940 | | Type: |  | remote | | Level: |  | 8/10 | | Description: |  | Multiple memory corruptions, buffer overflows, integer overflows, heap array overflow. |
| Affected: |  | NOVELL : GroupWise 8.02 | | CVE: |  | CVE-2011-2663 (Array index error in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a crafted yearly RRULE variable in a VCALENDAR attachment in an e-mail message.) | | | | CVE-2011-2662 (Integer signedness error in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a negative BYWEEKNO property in a weekly RRULE variable in a VCALENDAR attachment in an e-mail message.) | | | | CVE-2011-0334 (Stack-based buffer overflow in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a long HTTP request for a .css file.) | | | | CVE-2011-0333 (Heap-based buffer overflow in the NgwiCalVTimeZoneBody::ParseSelf function in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a crafted TZNAME variable in a VCALENDAR attachment in an e-mail message, related to an "integer truncation error.") | | | | CVE-2010-4325 (Buffer overflow in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP2 allows remote attackers to execute arbitrary code via a crafted TZID variable in a VCALENDAR message.) |
| Original document |  | SECUNIA, Secunia Research: Novell GroupWise Internet Agent HTTP Interface Buffer Overflow (02.10.2011) |
| | | SECUNIA, Secunia Research: Novell GroupWise Internet Agent "TZNAME" Parsing Vulnerability (02.10.2011) |
| | | IDEFENSE, iDefense Security Advisory 09.26.11: Novell GroupWise iCal TZNAME Heap Overflow Vulnerability (02.10.2011) |
| | | VUPEN Security Research, VUPEN Security Research - Novell GroupWise "TZNAME" Remote Buffer Overflow Vulnerability (02.10.2011) |
| | | VUPEN Security Research, VUPEN Security Research - Novell GroupWise "BYWEEKNO" Remote Memory Corruption Vulnerability (02.10.2011) |
| | | VUPEN Security Research, VUPEN Security Research - Novell GroupWise "integerList" Remote Buffer Overflow Vulnerability (02.10.2011) |
| | | VUPEN Security Research, VUPEN Security Research - Novell GroupWise "RRULE" Remote Buffer Overflow Vulnerability (02.10.2011) |
| | | IDEFENSE, iDefense Security Advisory 09.26.11: Novell GroupWise iCal RRULE Weekday Recurrence Heap Overflow Vulnerability (02.10.2011) |
| | | IDEFENSE, iDefense Security Advisory 09.26.11: Novell GroupWise iCal Date Invalid Array Indexing Vulnerability (02.10.2011) |
| | | IDEFENSE, iDefense Security Advisory 09.26.11: Novell GroupWise iCal RRULE ByWeekNo Memory Corruption Vulnerability (02.10.2011) |
|
|
|
|
|
|
|
|
