Novell groupwise address book suffers from remote code execution vulnerability.
The information has been provided by Francis Provencher.
* Novell Groupwise Address Book
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installation of Novell Groupwise Client. User must open a malformed Novell Address Book (*.NAB) with an overly long email address to trigger this vulnerability.
:::TAGMAP:::0FFE0003:***,3001001F:Name,3A06001F:First Name,3A44001F:Middle Name,3A11001F:Last Name,3A45001F:Prefix,3A05001F:Suffix,3003001F:E-Mail Address,3A56101F:E-Mail Addresses,3A00001F:User ID,6605001F:Post Office,6604001F:Domain,660D001F:Internet Domain,6609001F:Additional Routing,660C0003:E-Mail Address Format,6603001F:GUID,66060003:File ID,6608001F:Network ID,6607001F:eDirectory Distinguished Name,3004001F:Comments,660E001F:AIM/IM Screen Name,6610101F:IM Addresses,3A1A001F:Phone Number,3A08001F:Office Phone,3A09001F:Home Phone,3A1C001F:Mobile Phone,3A23001F:Fax Number,3A21001F:Pager Number,3A29001F:Office Street,3A19001F:Mailstop,3A27001F:Office City,3A28001F:Office State,3A2A001F:Office Postal Code,3A260000:Office Country,3A5D001F:Home Street,3A59001F:Home City,3A5C001F:Home State,3A5B001F:Home Postal Code,3A5A001F:Home Country,3A17001F:Title,3A18001F:Department,3A16001F:Organization,3A51001F:Office Website,3A50001F:Personal Website,3A42001F:Birthday,661
2011-11-30 Vulnerability reported to vendor
2012-02-29 Vendor disclose patch
comments powered by Disqus. blog comments powered by