MS-ISAC ADVISORY NUMBER:
2007-013

DATE(S) ISSUED:
6/1/2007

SUBJECT:
Security Vulnerability in Novell GroupWise

OVERVIEW:

A vulnerability in the Novell GroupWise System (Novell's Email system) has been discovered due to a design error in the GroupWise application. This vulnerability allows a malicious user to intercept network traffic without user knowledge. This traffic can include highly sensitive information, such as authentication credentials (usernames and passwords).

SYSTEMS AFFECTED:

  • Novell GroupWise 7.0
  • Novell GroupWise 6.5 SP6
  • Novell GroupWise 6.5 SP5
  • Novell GroupWise 6.5 SP4
  • Novell GroupWise 6.5 SP3
  • Novell GroupWise 6.5 SP2
  • Novell GroupWise 6.5 SP1
  • Novell GroupWise 6.5
  • Novell GroupWise 7.0.0 SP1

RISK:
Government:

Large and medium government entities: High
Small government entities: High

Businesses:
Large and medium business entities: High
Small business entities: High

Home users: N/A

DESCRIPTION:
The vulnerability in the Novell GroupWise System makes it prone to a man-in-the-middle attack. This issue is due to a design error in the affected application. This vulnerability applies to all GroupWise Clients including GroupWise Connector for Microsoft Outlook and all GroupWise Agents including Mail Transfer Agent (MTA), Post Office Agent (POA), GroupWise Internet Agent (GWIA) & WebAccess.

An attacker who successfully exploited an affected system could gain access to sensitive content of encrypted network traffic, such as authentication credentials (usernames and passwords). This may also lead to other attacks.

There are currently no exploits available.

RECOMMENDATIONS:
We recommend that the following actions be taken:

  • Apply all the appropriate patches provided by Novell to vulnerable systems as soon as possible, after appropriate testing.

The patches can be found for GroupWise 7.x & GroupWise 6.5.x at: http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=3382383&sliceId=SAL_Public&dialogID=37078655&

REFERENCES:

Novell:
http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=3382383&sliceId=SAL_Public&dialogID=37078655&

SecurityFocus:
http://www.securityfocus.com/bid/24258/references


This cyber advisory was issued by the Multi-State Information Sharing and Analysis Center (MS-ISAC) and was intended for government entities. The information may or may not be applicable to the general public and accordingly, the MS-ISAC does not warrant its use for any specific purposes.