|
|
|
|
| |
Credit:
The information has been provided by iDefense Labs Security Advisories.
The original article can be found at: http://www.idefense.com/intelligence/vulnerabilities/display.php?id=416
|
| |
Vulnerable Systems:
* Novell GroupWise Messenger version 2
The vulnerability specifically exists due to improper handling of a an HTTP POST request with a modified 'val' parameter. When such a request is received, a NULL pointer dereference occurs, leading to a crash of the service.
Analysis:
Successful exploitation of this vulnerability would result in the server crashing, rendering it unusable until it is restarted. Further exploitation does not appear possible. In order to exploit this vulnerability, an attacker must send a specially constructed HTTP request to the server on TCP port 8300.
Vendor response:
Novell has released updates in the form of Hot Patches. More information on the security update can be found via the following link. http://support.novell.com/filefinder/security/index.html
CVE Information:
CVE-2006-4511
Disclosure Timeline:
08/17/2006 - Initial vendor notification
08/18/2006 - Initial vendor response
10/02/2006 - Coordinated public disclosure
|
|
|
|
|
