AusCERT - ASB-2012.0133 - [Win][Netware] Novell GroupWise 8: Multiple vulnerabilities

HOME
About AusCERT
Membership
PKI Services
Training
Publications
Sec. Bulletins
Conferences
News & Media
Services
Web Log
Site Map
Site Help
Member login
ASB-2012.0133 - [Win][Netware] Novell GroupWise 8: Multiple vulnerabilities
Date: 03 October 2012
References: ESB-2013.0401

Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2012.0133
       Multiple vulnerabilities have been fixed in GroupWise 8.0 SP3
                              3 October 2012

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Novell GroupWise 8
Operating System:     Netware
                      Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Remote/Unauthenticated      
                      Cross-site Scripting            -- Remote with User Interaction
                      Denial of Service               -- Remote with User Interaction
                      Access Confidential Data        -- Remote/Unauthenticated      
Resolution:           Patch/Upgrade
CVE Names:            CVE-2012-4912 CVE-2012-0419 CVE-2012-0418
                      CVE-2012-0417  
Member content until: Friday, November  2 2012

OVERVIEW

        Multiple vulnerabilities have been fixed in Novell GroupWise 8.0 SP3.


IMPACT

        The vendor has provided the following information: [1]
        
        CVE-2012-4912:
        "GroupWise WebAccess is vulnerable to a cross-site scripting (XSS)
        exploit where input passed via an HTML email is not properly sanitized
        before being displayed to the user, whereby an attacker could
        potentially insert arbitrary HTML and script code that will be executed
        in a user's browser session."
        
        CVE-2012-0419:
        "The HTTP interfaces for the GroupWise agents are vulnerable to an
        arbitrary file retrieval condition due to a failure to properly filter
        certain crafted directory traversal sequences. An unauthenticated
        remote attacker can leverage this flaw to retrieve files with the
        privileges of the vulnerable agent(s)."
        
        CVE-2012-0418: 
        "The GroupWise Client for Windows is vulnerable to an exploit where by
        enticing a target user to open a malicious file, a remote attacker can
        leverage the vulnerability to gain remote code execution within the
        security context of the affected user, or crash the affected
        application."
        
        CVE-2012-0417: 
        "The GroupWise Internet Agent (GWIA) is vulnerable to an integer
        overflow exploit that could potentially allow an unauthenticated
        remote attacker to execute arbitrary code on vulnerable installations
        of GWIA." 


MITIGATION

        Users should install SP3 Hot Patch 1.[1]


REFERENCES

        [1] GroupWise 8.0 SP3 Hot Patch 1 Full Release for Windows and NLM
            http://download.novell.com/Download?buildid=O5hTjIiMdMo~

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBUGudfe4yVqjM2NGpAQIOxw/8CIwvPwXKX/tOmtCp1MCPSfna1LdcAfWZ
nsPSAJ9SPiRlYd0fxes4iWkyp7c9u95HJaAukDzvauyVXhjr+MYrYgJ4OEOAdgbS
jgNJMGbrGNRjJuQefCEmF0O/itaXYdsIAm/CAp/fA4GkRiU6P/2WKmu1216Nbkzc
1VYPEyKB9OBn3w0Lg9CO7Q5Ve5MZ/gNz4HyLAkCbbG33tU16diH+Ex28zKxzN8bV
JzVbIgHQiSjXIez58l/P+Ruy4WjtKaRpcauK/moxcQwe2QI4IzZXh7/OHhZzbb5Y
HxfZBHR/nArBUpsMpYUo9Y1+TXysQePhmxIrTUvBHqXKdr4RXZtohWKsDC+KawtE
CXoS0fIoh7f/nyStbg1gygQeBXiZTHTgK4tcnOWQASgFdZUVwf1vuRCzQgSPIudO
i0Yx0fKuqPTKt2+8l+PZWXoy+0RjowFqbyOOT3TsJeWtTj2m7uWbmKFCNCWr5WZF
vM+VmvG79LEiBT8+DhI9m27i+hWlnWh36/iTgxi9xH+Avwo4O+LRg5ZcG3VsDj1H
vByjEvsp0taOG6ogQ+pQzRoDksyuXtd9ByaSk7XOzpoyEv62I9+uM0UGZUTclHr9
+XSYSkJexLrZdX5hgCfrUTpY9S3oyQNUJVFfZY5Cg1ncLVKVDo3V+f8aCVdrQWBy
9S5ULeN+Lsw=
=V+Lj
-----END PGP SIGNATURE-----