Novell GroupWise Internet Agent 8.x <= 8.0.2 HP3 / 12.x < 12.0.1 Multiple Vulnerabilities
Critical Nessus Plugin ID 62283
SynopsisThe remote Windows host has an application that is affected by a buffer overflow vulnerability.
DescriptionThe version of Novell GroupWise Internet Agent running on the remote host is 8.x less than or equal to 8.0.2 HP3, or 12.x earlier than 12.0.1. As such, it is potentially affected by multiple vulnerabilities :
- A heap-based buffer overflow vulnerability exists when parsing requests to the web-based admin interface with a specially crafted Content-Length header.
- Multiple vulnerabilities exist in the bundled Oracle 'Outside In' viewer technology.
By exploiting these flaws, a remote, unauthenticated attacker could execute arbitrary code on the remote host subject to the privileges of the user running the affected application.
SolutionUpdate GWIA to version 8.0.3 Hot Patch 1, 12.0.1, or later.