Denial of service in Novell GroupWise
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)
Madrid, October 5 2006 - A vulnerability has been reported in the Novell
GroupWise Messenger agents, which could allow a remote user to provoke
denial of service conditions.
A remote user could crash the Messenger service by sending the target
system an HTTP POST request to port 8300 with a specially modified "val"
parameter. Novell has confirmed that the error lies in the processing of
zero-size strings in blowfish routines.
Novell has published the patches to correct this problem:
- Para 1.0.6:
- Para 2.0.2: <http://support.novell.com/servlet/fi
The original Novell advisories are available at:
This one tip will help you sleep better tonight
A few seconds are all you need to get a better night's rest.