Bugtraq: Re: [ISR] - Novell GroupWise Client Integer Overflow

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: [ISR] - Novell GroupWise Client Integer Overflow

From: "Crist J. Clark" <cristjc () comcast net>
Date: Tue, 27 Sep 2005 12:51:42 -0700

On Tue, Sep 27, 2005 at 10:57:57AM -0300, Francisco Amato wrote:
[snip]

.:: DESCRIPTION 

This issue is due to a failure of the application to securely parse the
saved port number of the last authentication store in windows register. 

To reproduce this, we have to modify the default register key of
HKEY_CURRENT_USER\Software\Novell\GroupWise\Login Parameters\TCP/IP Port


This is obviously a bug, but why is this a security vulnerability?
Does the GroupWise client run with elevated privileges?
-- 
Crist J. Clark                     |     cjclark () alum mit edu

By Date By Thread

Current thread:

[ISR] - Novell GroupWise Client Integer Overflow Francisco Amato (Sep 27)
- Re: [ISR] - Novell GroupWise Client Integer Overflow Crist J. Clark (Sep 27)