Security vulnerability in Groupwise
Juan Pablo Lopez Yacubian has discovered a vulnerability in Novell Groupwise 7 that allows attackers to inject arbitrary program code covertly by means of crafted websites. Novell has yet to provide a fix.
Yacubian writes that Groupwise 7 crashes when handling excess length
mailto: URLs, which can be embedded in a website and automatically called if, for example, an
<IMG> tag is used. A buffer overflow then occurs, and the security advisory states that the processor's EIP (extended instruction pointer) can then be manipulated to allow injected program code to be launched.
Yacubian does not say precisely which version of the software is affected, but merely writes that he found the flaw in Groupwise 7 on Windows XP. Since mid-March, Service Pack 3 for GroupWise 7 has been available for downloading from Novell's website; this version probably still contains the flaw. Administrators can prevent the automatic exploitation of this flaw on their clients by using a different program as the standard application for
mailto: URLs or disabling the automatic assignment to a program. Those who use a proxy can inspect and filter
mailto: URLs in HTML websites.
- GroupWise 7.0 mailto: scheme buffer overflow, Juan Pablo Lopez Yacubian's security advisory at Bugtraq
- Download patches for Novell's Groupwise 7