Re: [ISR] - Novell GroupWise Client Integer Overflow

From: Crist J. Clark (cristjc_at_comcast.net)
Date: 09/27/05

Next message: Thierry Carrez: "[ GLSA 200509-19 ] PHP: Vulnerabilities in included PCRE and XML-RPC libraries"

Previous message: Mandriva Security Team: "MDKSA-2005:169 - Updated mozilla-firefox packages fix multiple vulnerabilities"
In reply to: Francisco Amato: "[ISR] - Novell GroupWise Client Integer Overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 27 Sep 2005 12:51:42 -0700
To: Francisco Amato <famato@infobyte.com.ar>

On Tue, Sep 27, 2005 at 10:57:57AM -0300, Francisco Amato wrote:
[snip]

> .:: DESCRIPTION
>
> This issue is due to a failure of the application to securely parse the
> saved port number of the last authentication store in windows register.
>
> To reproduce this, we have to modify the default register key of
> HKEY_CURRENT_USER\Software\Novell\GroupWise\Login Parameters\TCP/IP Port

This is obviously a bug, but why is this a security vulnerability?
Does the GroupWise client run with elevated privileges?

-- 
Crist J. Clark                     |     cjclark@alum.mit.edu

Next message: Thierry Carrez: "[ GLSA 200509-19 ] PHP: Vulnerabilities in included PCRE and XML-RPC libraries"

Previous message: Mandriva Security Team: "MDKSA-2005:169 - Updated mozilla-firefox packages fix multiple vulnerabilities"
In reply to: Francisco Amato: "[ISR] - Novell GroupWise Client Integer Overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]