Novell provides patches for GroupWise
Novell has provided an update for their GroupWise groupware and messaging solution, to fix a hole that may be exploited to gain remote access to a PC. The bug resides in the WebAccess Agent listening on ports 7205 and 7211. It causes a buffer overflow when handling HTTP authentication requests of excess length.
According to the Zero Day Initiative (ZDI), attackers can use packets with manipulated Base64-coded data to exploit this flaw for arbitrary code execution. This bug affects Novell GroupWise 7.x. The updates provide fixes for Windows, Netware and Linux.
(mba)