Re: [ISR] - Novell GroupWise Client Integer Overflow

To: Francisco Amato <famato@xxxxxxxxxxxxxxx>
Subject: Re: [ISR] - Novell GroupWise Client Integer Overflow
From: "Crist J. Clark" <cristjc@xxxxxxxxxxx>
Date: Tue, 27 Sep 2005 12:51:42 -0700
Cc: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <20050927135757.22865.qmail@xxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20050927135757.22865.qmail@xxxxxxxxxxxxxxxxxxxxxxx>
Reply-to: cjclark@xxxxxxxxxxxx
User-agent: Mutt/1.4.2.1i

On Tue, Sep 27, 2005 at 10:57:57AM -0300, Francisco Amato wrote:
[snip]

> .:: DESCRIPTION 
> 
> This issue is due to a failure of the application to securely parse the
> saved port number of the last authentication store in windows register. 
> 
> To reproduce this, we have to modify the default register key of
> HKEY_CURRENT_USER\Software\Novell\GroupWise\Login Parameters\TCP/IP Port 

This is obviously a bug, but why is this a security vulnerability?
Does the GroupWise client run with elevated privileges?
-- 
Crist J. Clark                     |     cjclark@xxxxxxxxxxxx

References:
- [ISR] - Novell GroupWise Client Integer Overflow
  - From: Francisco Amato

Prev by Date: MDKSA-2005:169 - Updated mozilla-firefox packages fix multiple vulnerabilities
Next by Date: [ GLSA 200509-19 ] PHP: Vulnerabilities in included PCRE and XML-RPC libraries
Previous by thread: [ISR] - Novell GroupWise Client Integer Overflow
Next by thread: MDKSA-2005:170 - Updated mozilla packages fix multiple vulnerabilities
Index(es):
- Date
- Thread