Novell GroupWise Internet Agent 8.x < 8.0.3 / 12.x < 12.0.1 Multiple Vulnerabilities
Medium Nessus Plugin ID 62284
SynopsisThe remote Windows host has an application that is susceptible to a denial of service attack.
DescriptionThe version of Novell GroupWise Internet Agent running on the remote host is 8.x earlier than 8.0.3 or 12.x earlier than 12.0.1. It therefore is potentially affected by multiple vulnerabilities :
- A denial of service vulnerability exists due to the way that the application parses date information within a received iCalendar message. A remote attacker could exploit this flaw to crash the affected service.
- An unspecified integer overflow vulnerability exists that could lead to code execution. (CVE-2012-0417)
- An arbitrary file retrieval vulnerability exists due to a failure to properly filter certain crafted directory traversal sequences in the HTTP interface.
SolutionUpdate GWIA to version 8.0.3, 12.0.1, or later.