Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: [ISR] - Novell GroupWise Client Integer Overflow
From: "Crist J. Clark" <cristjc () comcast net>
Date: Tue, 27 Sep 2005 12:51:42 -0700

On Tue, Sep 27, 2005 at 10:57:57AM -0300, Francisco Amato wrote:
[snip]

.:: DESCRIPTION 

This issue is due to a failure of the application to securely parse the
saved port number of the last authentication store in windows register. 

To reproduce this, we have to modify the default register key of
HKEY_CURRENT_USER\Software\Novell\GroupWise\Login Parameters\TCP/IP Port 

This is obviously a bug, but why is this a security vulnerability?
Does the GroupWise client run with elevated privileges?
-- 
Crist J. Clark                     |     cjclark () alum mit edu


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]