Update Protection against Novell GroupWise Client IMG Tag SRC Parameter Buffer Overflow Vulnerability (CVE-2007-6435)
|Check Point Reference:||CPAI-2011-265|
|Source:||Secunia Advisory: SA28102|
|Protection Provided by:||
Who is Vulnerable?
Novell Groupwise Client 6.5.6 and prior
A buffer overflow vulnerability has been reported in Novell GroupWise Client. Novell GroupWise is a client-server collaborative software and email system provided by Novell. The Novell GroupWise Client application is capable of communicating with Novell Group server, as well as Internet email gateways using SMTP, POP, and IMAP protocols. A remote attacker may exploit this vulnerability to execute arbitrary code on the target server.
The vulnerability is due to a boundary error in Novell GroupWise Client when processing crafted emails, containing malicious HTML IMG tags. A remote attacker could exploit this issue by sending malicious emails to the target user. Successful exploitation of this vulnerability would allow arbitrary code injection and execution, and may cause the vulnerable Novell GroupWise Client application to terminate.
This protection will detect and block malicious emails sent to the target user.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.
Security Gateway: R75
How Can I Protect My Network?
1. In the IPS tab, click Protections > By Protocol > IPS Software Blade > Application Intelligence > Mail.
2. In the right pane, double-click the Novell GroupWise Client IMG Tag SRC Parameter Buffer Overflow protection.
3. In the Protection Details window, click on Edit. Choose the protection's Action (Override IPS Policy with: Prevent/Detect), and apply Additional Settings.
4. Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Mail Protocols Violation
Attack Information: Novell GroupWise client IMG tag SRC parameter buffer overflow