In association with heise online

05 October 2006, 13:59

Crash risk with Novell GroupWise Messenger

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Novell's GroupWise Messenger service can be made to crash during HTTP POST requests. Special values of the Val parameter lead to a null pointer de-reference in blowfish routines. According to security services provider iDefense, however, it does not appear to be possible to use the vulnerability to infiltrate and execute code. Messenger Agents 1.0.6 and 2.02 are definitely affected; Novell has released a Hot Patch for these versions.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit