https://www.exploit-db.com/exploits/26301
https://cxsecurity.com/issue/WLB-2005090024
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200510-004

NovellGroupWise是美国Novell公司的一套协作通讯系统。该系统提供了电子邮件、日程安排、即时通讯、任务管理、文档管理以及联系人管理等协作通讯服务。GroupWise注册表解析代码中存在整数溢出漏洞，攻击者可以通过修改某些键值创建整数溢出，导致崩溃或执行任意代码。起因是应用程序没能安全的解析windows注册表中保存的最后认证的端口数。

source: http://www.securityfocus.com/bid/14952/info

Novell GroupWise Client is prone to a local integer overflow vulnerability.

The attacker may leverage this issue to corrupt process memory, which may lead to a crash or arbitrary code execution. A complete compromise of the affected system may be possible.

GroupWise 6.5.3 is reported to be vulnerable. It is possible that other versions are affected as well. 

The following value is sufficient to trigger this issue:
11111111111111111111111111111111

来源:XF
名称:novell-groupwise-port-number-overflow(22419)
链接:http://xforce.iss.net/xforce/xfdb/22419
来源:BID
名称:14952
链接:http://www.securityfocus.com/bid/14952
来源:support.novell.com
链接:http://support.novell.com/techcenter/search/search.do?cmd=displayKC&docType;=%20c&externalId;=10098814html&sliceId;=&dialogID;=717171
来源:BUGTRAQ
名称:20050927[ISR]-NovellGroupWiseClientIntegerOverflow
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=112784386426802&w;=2
来源:FULLDISC
名称:20050927[ISR]-NovellGroupWiseClientIntegerOverflow
链接:http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037442.html
来源:OSVDB
名称:19862
链接:http://www.osvdb.org/19862
来源:MISC
名称:http://www.infobyte.com.ar/adv/ISR-13.html
链接:http://www.infobyte.com.ar/adv/ISR-13.html
来源:support.novell.com
链接:http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098814.htm
来源:SECTRACK
名称:1014977
链接:http://securitytracker.com/id?1014977
来源:SREASON
名称:28
链接:http://securityreason.com/securityalert/28
来源:FULLDISC
名称:20050927Re:[ISR]-NovellGroup