Novell GroupWise gwwww1.dll Buffer Overflow Vulnerability (CVE-2010-4326) Analysis

Vulnerability Information - CVE ID: CVE-2010-4326 - CVSS Score: 10.0, AV:N/AC:L/Au:N/C:C/I:C/A:C - Affected Vendor: Novell - Affected Product: GroupWise Vulnerability Details - The vulnerability allows remote attackers to execute arbitrary code on vulnerable Novell GroupWise installations. Exploitation of this vulnerability does not require authentication. - A specific flaw in the gwwww1.dll module occurs when processing VCALANDAR data within email messages. When encountering the REQUEST-STATUS variable, the module allocates up to 0xFFFF bytes for the variable value. It then proceeds to copy the value into a fixed-length buffer without checking whether it will overflow. By specifying a sufficiently large string in an email, an attacker can cause a buffer overflow and execute arbitrary code in the context of the SYSTEM user. Mitigation - Trend Micro TippingPoint IPS Customers: Protected against this vulnerability via Digital Vaccine filter ID ['10788']. For more information on TippingPoint products, visit http://www.tippingpoint.com Disclosure Timeline - 2010-09-24 - Vulnerability reported to vendor - 2011-01-25 - Public coordinated vulnerability announcement released Additional Details - Novell has released an update to fix this vulnerability. More information is available at: http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=7007155&sliceId=1&docTypeID=DT_TID_1_1&dialogID=199990003&stateId=0%200%200 Contributors Anonymous

Goal Reached Thanks to every supporter — we hit 100%!

Novell GroupWise gwwww1.dll Buffer Overflow Vulnerability (CVE-2010-4326) Analysis