Denial of Service Vulnerability in GroupWise Internet Agent by Novell
CVE-2011-3827

Currently unrated

Key Information:

Vendor: Novell
Status: Groupwise
Vendor: CVE Published:; 19 September 2012

Summary

The GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 prior to Support Pack 3 contains a flaw in its iCalendar component, specifically in the gwwww1.dll file. This vulnerability allows remote attackers to exploit crafted date-time strings in .ics attachments, resulting in an out-of-bounds read and a crash of the daemon, leading to a denial of service. Proper handling of input is critical to preventing such crashes and ensuring system stability.

References

http://www.novell.com/support/kb/doc.php?id=7010767

x_refsource_CONFIRM

http://secunia.com/secunia_research/2012-30/

x_refsource_MISC

http://archives.neohapsis.com/archives/bugtraq/2012-09/00...

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Sep 19, 2012
Vulnerability Reserved
Sep 26, 2011