Crash risk with Novell GroupWise Messenger
Novell's GroupWise Messenger service can be made to crash during HTTP POST requests. Special values of the Val parameter lead to a null pointer de-reference in blowfish routines. According to security services provider iDefense, however, it does not appear to be possible to use the vulnerability to infiltrate and execute code. Messenger Agents 1.0.6 and 2.02 are definitely affected; Novell has released a Hot Patch for these versions.
- Novell GroupWise Messenger nmma.exe DoS Vulnerability from iDefense
- Hot Patch for 1.0.6
- Hot Patch f0r 2.02
(trk)