Date: 22 May 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AA-2009.0121 AUSCERT Advisory
[Win][Linux]
Novell GroupWise: Multiple Vulnerabilities
22 May 2009
- ---------------------------------------------------------------------------
AusCERT Advisory Summary
------------------------
Product:              Novell GroupWise
Operating System:     Windows
                      Linux variants
Impact:               Administrator Compromise
                      Inappropriate Access
                      Cross-site Scripting
                      Denial of Service
Access:               Remote/Unauthenticated
CVE Names:            CVE-2009-1634 CVE-2009-1635 CVE-2009-1636
Member content until: Friday, June 19 2009
OVERVIEW:
Novell have released patches for GroupWise correcting several
security vulnerabilities.
IMPACT:
GroupWise 7 SP3 Hot Patch 3 and GroupWise 8 Hot Patch 2 for the Windows
client have been released correcting the following vulnerability:
"Notify connects to the wrong mailbox, bypassing authentication in
unique circumstances" [1,2]
GroupWise 7 SP3 Hot Patch 3 and GroupWise 8.0 Hot Patch 2 for
Windows and Linux have been released correcting the following
vulnerabilities:
"Novell GroupWise WebAccess is vulnerable to weaknesses within the
session management mechanisms that could potentially allow an attacker
to gain access to an authenticated user's account." [3,4,5,6]
"Novell GroupWise WebAccess is vulnerable to a cross-site scripting
(XSS) exploit via unfiltered style expressions, which could
potentially allow an attacker to send a message with an HTML file that
contains malicious scripts, which could redirect a user and/or forward
data & requests to a malicious site." [3,4,5,6]
"A vulnerability exists in Novell GroupWise WebAccess in the way it
blocks scripting. Exploitation of this vulnerability could
potentially allow an attacker to gain access to an authenticated
user's mailbox and forward data & requests to a malicious site."
[3,4,5,6]
"A vulnerability exists in Novell GroupWise WebAccess that could allow
an attacker to use Javascript to deface the login page, which could
potentially prevent users from logging in to WebAccess" [3,4,5,6]
"A vulnerability exists in Novell GroupWise Internet Agent, in the
way it processes certain SMTP requests. Exploitation of this
vulnerability could lead to arbitrary code execution with SYSTEM
privileges." [3,4,5,6]
"A vulnerability exists in the Novell GroupWise Internet Agent, in
the way it processes email addresses in the SMTP protocol.
Exploitation of this vulnerability could lead to arbitrary code
execution with SYSTEM privileges." [3,4,5,6]
"Notify connects to the wrong mailbox, bypassing authentication in
unique configurations" [3,4,5,6]
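The WebAccess cross-site scripting item above turns on "unfiltered style
expressions": legacy Internet Explorer evaluates CSS such as
`width: expression(...)` and `behavior: url(...)` as script, so a webmail
filter that only looks for the literal substring `expression(` is defeated by
CSS comments, backslash escapes or HTML entities inside the style. The
following is an added example, not Novell's code and not the filter used in
GroupWise WebAccess; the keyword list, the `normalize_css`/`sanitize_html`
helpers and the sample mail fragments are all constructed for illustration. It
shows the naive substring check beside a check that normalises the CSS first,
and a sanitiser that drops any style attribute or `<style>` block that would
execute.

```python
"""
Detect and strip dynamic CSS (expression(), behavior:, javascript: URLs) from
HTML mail before a webmail client renders it.  Illustrative code only; it is
not the GroupWise WebAccess filter and the keyword list is an assumption.
"""
import html
import re

# CSS constructs a legacy IE engine executes as script.  Assumed list, not
# taken from the Novell patch notes.
_DANGEROUS = re.compile(
    r"expression\s*\(|behavior\s*:|-moz-binding\s*:|javascript\s*:|vbscript\s*:",
    re.IGNORECASE,
)
_CSS_COMMENT = re.compile(r"/\*.*?\*/", re.DOTALL)
# CSS escape: backslash + 1-6 hex digits + optional single whitespace, or
# backslash + any single character.
_CSS_ESCAPE = re.compile(r"\\([0-9a-fA-F]{1,6})[ \t\n\r\f]?|\\(.)", re.DOTALL)
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")

# Hypothetical HTML-mail fragments constructed for this example.
SAMPLES = {
    "benign":  '<p style="color:#f00;font-weight:bold">Hello</p>',
    "plain":   '<div style="width: expression(alert(document.cookie))">x</div>',
    "comment": '<div style="width: exp/**/ression(alert(1))">x</div>',
    "escape":  '<div style="width: exp\\72 ession(alert(1))">x</div>',
    "entity":  '<div style="width: e&#x78;pression(alert(1))">x</div>',
    "block":   '<style>body { behavior: url(evil.htc) }</style><p>x</p>',
}


def normalize_css(css: str) -> str:
    """Undo the encodings an attacker layers on CSS to evade a substring filter."""
    text = html.unescape(css)             # attribute values are HTML-decoded: &#x78; -> x
    text = _CSS_COMMENT.sub("", text)     # exp/**/ression -> expression

    def _unescape(m: re.Match) -> str:
        if m.group(1) is not None:
            try:
                return chr(int(m.group(1), 16))   # \72 -> r
            except ValueError:                    # code point out of range
                return ""
        return m.group(2)                         # \( -> (

    text = _CSS_ESCAPE.sub(_unescape, text)
    return _CONTROL.sub("", text)                 # NUL/CR/LF splicing


def naive_is_dangerous_style(css: str) -> bool:
    """The kind of check that 'unfiltered style expressions' slips past."""
    return "expression(" in css.lower()


def is_dangerous_style(css: str) -> bool:
    """Normalise first, then look for executable CSS."""
    return _DANGEROUS.search(normalize_css(css)) is not None


_STYLE_ATTR = re.compile(r"""\sstyle\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""", re.IGNORECASE)
_STYLE_BLOCK = re.compile(r"<style\b[^>]*>(.*?)</style\s*>", re.IGNORECASE | re.DOTALL)


def sanitize_html(doc: str) -> str:
    """Drop every style attribute or <style> block whose CSS would execute."""
    def _attr(m: re.Match) -> str:
        css = next(g for g in m.groups() if g is not None)
        return "" if is_dangerous_style(css) else m.group(0)

    def _block(m: re.Match) -> str:
        return "" if is_dangerous_style(m.group(1)) else m.group(0)

    doc = _STYLE_BLOCK.sub(_block, doc)
    return _STYLE_ATTR.sub(_attr, doc)


def scan_samples() -> dict:
    """Map each sample name to (naive verdict, normalised verdict)."""
    results = {}
    for name, doc in SAMPLES.items():
        m = _STYLE_ATTR.search(doc) or _STYLE_BLOCK.search(doc)
        css = next(g for g in m.groups() if g is not None)
        results[name] = (naive_is_dangerous_style(css), is_dangerous_style(css))
    return results


if __name__ == "__main__":
    for name, (naive, normalised) in scan_samples().items():
        print(f"{name:8} naive={naive!s:5} normalised={normalised}")
    print(sanitize_html(SAMPLES["entity"]))
```

The substring check flags only the undisguised sample; the comment, escape and
entity variants and the `behavior:` block all pass it and are caught only after
normalisation. Regex normalisation is still an approximation of a CSS
tokenizer, so a production filter should parse the stylesheet with a real CSS
parser (or strip styles entirely) rather than extend this regex list.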
MITIGATION:
Updates correcting these vulnerabilities are available from the
Novell website. [7]
REFERENCES:
[1] GroupWise 7 SP3 Hot Patch 3 Windows Client US and MULTI
http://download.novell.com/Download?buildid=S8W2dS9M-Nc~
[2] GroupWise 8.0 Hot Patch 2 Windows Client US and MULTI
http://download.novell.com/Download?buildid=FMZgYd2iv-0~
[3] GroupWise 7 SP3 Hot Patch 3 Full for Windows and NLM US and MULTI
http://download.novell.com/Download?buildid=yiPc_UOOOeA~
[4] GroupWise 7 SP3 Hot Patch 3 Linux Full US and MULTI
http://download.novell.com/Download?buildid=Y0ajlMy_G_Q~
[5] GroupWise 8.0 Hot Patch 2 Full for Windows and NLM US and MULTI
http://download.novell.com/Download?buildid=5g9EvVV_9bQ~
[6] GroupWise 8.0 Hot Patch 2 Linux Full US and MULTI
http://download.novell.com/Download?buildid=rcN883p1Mao~
[7] Novell Downloads
http://download.novell.com/index.jsp?tab=patches&page_num=1&patch_security_alert=on&build_type=PatchBuildBean&search_type=&search=Search
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iD8DBQFKFgyQNVH5XJJInbgRApxZAJ0VRLd9BJ4a+QCz3XcS9fUJfzCMMACfcoGN
JjGJ1WfWVadb24B2z4uHwr4=
=vySG
-----END PGP SIGNATURE-----