[8035] in bugtraq
Re: NMRC Advisory - GroupWise Buffer Overflow
daemon@ATHENA.MIT.EDU (Randy Richardson)
Sat Sep 26 22:12:37 1998
Date: Fri, 25 Sep 1998 20:44:45 -0800
Reply-To: randy@INTER-CORPORATE.COM
From: Randy Richardson <randy@INTER-CORPORATE.COM>
X-To: Simple Nomad <thegnome@NMRC.ORG>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.3.96.980322013136.155C-100000@vortex.nmrc.org>
[Snip]
> Synopsis
> --------
>
> A remote buffer overflow condition exists in Novell Groupwise Internet
> Gateway that permits DoS attacks and possible execution of malicious code.
> The overflow happens in the string parsing of the USER command in the POP3
> daemon, and in the command parsing of the LDAP daemon.
>
> Tested configuration
> --------------------
>
> The bug was tested with the following configuration :
>
> Novell Intranetware
> Intranetware Service Pack 5
> TCP/IP TCPN05 patch
> Novell BorderManager 2.1.0
> BorderManager Service pack 2.0D
> GroupWise 5.2
> GroupWise Service pack 3
>
> Bug(s) report
> -------------
[Snip]
Does this bug also exist in GroupWise 5.5?
Randy Richardson - randy@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Vancouver, British Columbia, Canada
http://www.inter-corporate.com/
"Where do YOU want to Authenticate today?"
