PRL-2012-28

#####################################################################################

Application:   Novell Groupwise

Platforms:   Windows

Version:   8.0.2 HP3 and 2012

Secunia: SA50622

{PRL}:   2012-28

Author:   Francis Provencher (Protek Research Lab’s)

Website:   http://www.protekresearchlab.com/

Twitter:   @ProtekResearch

#####################################################################################

1) Introduction
2) Report Timeline
3) Technical details
4) The Code

#####################################################################################

===============
1) Introduction
===============

Novell, Inc. is a global software and services company based in Waltham, Massachusetts. The company specializes in

enterprise operating systems, such as SUSE Linux Enterprise and Novell NetWare; identity, security, and systems

management solutions; and collaboration solutions, such as Novell Groupwise and Novell Pulse. Novell was instrumental

in making the Utah Valley a focus for technology and software development. Novell technology contributed to the

emergence of local area networks, which displaced the dominant mainframe computing model and changed computing

worldwide. Today, a primary focus of the company is on developing open source software for enterprise clients.

(http://en.wikipedia.org/wiki/Novell)

#####################################################################################

============================
2) Report Timeline
============================

2012-02-03  Vulnerability reported to Secunia
2012-09-14  Publication of this advisory

#####################################################################################

============================
3) Technical details
============================

The vulnerability is caused due to an integer overflow error in GroupWise Internet Agent (gwia.exe)

when copying request data and can be exploited to cause a heap-based buffer overflow by e.g.

sending a specially crafted request with the “Content-Length” header value set to “-1” to the web-based

administration interface (TCP port 9850). Successful exploitation may allow execution of arbitrary code.

#####################################################################################

===========
4) The Code
===========

Here

###############################################################################