mailing list archives
Re: [ISR] - Novell GroupWise Client Integer Overflow
From: "Crist J. Clark" <cristjc () comcast net>
Date: Tue, 27 Sep 2005 12:51:42 -0700
On Tue, Sep 27, 2005 at 10:57:57AM -0300, Francisco Amato wrote:
This issue is due to a failure of the application to securely parse the
saved port number of the last authentication store in windows register.
To reproduce this, we have to modify the default register key of
HKEY_CURRENT_USER\Software\Novell\GroupWise\Login Parameters\TCP/IP Port
This is obviously a bug, but why is this a security vulnerability?
Does the GroupWise client run with elevated privileges?
Crist J. Clark | cjclark () alum mit edu