Home / Cyber Advisories

---

MS-ISAC ADVISORY NUMBER:
2009-004

DATE(S) ISSUED:
1/30/2009

SUBJECT:
Multiple Novell GroupWise Vulnerabilities Could Lead to Remote Code Execution or Information Disclosure

OVERVIEW:

Multiple vulnerabilities have been discovered in Novell GroupWise. GroupWise is Novell's email system. If successfully exploited, these vulnerabilities may allow an attacker to steal sensitive information, compromise email credentials, or execute arbitrary code. Depending on the associated privileges, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

SYSTEMS AFFECTED:

• GroupWise 6.5x
• GroupWise 7.0
• GroupWise 7.01
• GroupWise 7.02x
• GroupWise 7.03x
• GroupWise 8.0

RISK:

Government:
Large and medium government entities: High
Small government entities: High

Businesses:
Large and medium business entities: High
Small business entities: High

Home users: N/A

DESCRIPTION:
Novell has confirmed that GroupWise WebAccess and GroupWise Internet Agent (GWIA) are susceptible to several vulnerabilities. WebAccess is used to allow mobile users access to GroupWise remotely. The Novell GWIA converts SMTP and MIME mail to the GroupWise format.

WebAccess is vulnerable to a cross-site request forgery attack that may allow the attacker to set email forwarding rules for the end user. The attacker could then forward emails to themselves or another third party. For an attacker to exploit this vulnerability the user must visit a malicious web page or click on a maliciously crafted link.

WebAccess is susceptible to a persistent cross-site scripting attack exists that could allow an attacker to run malicious code in the browser of the end user. This could result in a permanent defacement of the WebAccess site or the redirection of information to unauthorized third parties.

WebAccess is also susceptible to a cross site scripting attack that could result in the temporary defacement of the site or the redirection of information. This attack is accomplished by leveraging the POST method.

WebAccess can be exploited to allow an attacker access to GroupWise information by using a specially crafted URL. The issue exists as the attacker is able to convert POST requests to GET requests.

A vulnerability exists in GWIA that would give a remote attacker the ability to execute code on a server running the GWIA application.

The specifics of these attacks have been withheld from the public to allow Novell time to make and distribute patches.

RECOMMENDATIONS:
We recommend the following actions be taken:

• Apply appropriate patches issued by Novell today to vulnerable systems immediately after appropriate testing.
• Do not visit un-trusted websites or follow links provided by unknown or un-trusted sources.

REFERENCES:
Novell:
http://download.novell.com/patch/finder
http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=7002319&sliceId=1&docTypeID=DT_TID_1_1&dialogID=21438963&stateId=0%200%2021442204
http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=7002320&sliceId=1&docTypeID=DT_TID_1_1&dialogID=21438963&stateId=0%200%2021442204
http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=7002321&sliceId=1&docTypeID=DT_TID_1_1&dialogID=21438963&stateId=0%200%2021442204
http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=7002322&sliceId=1&docTypeID=DT_TID_1_1&dialogID=21438963&stateId=0%200%2021442204
http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=7002502&sliceId=1&docTypeID=DT_TID_1_1&dialogID=21438963&stateId=0%200%2021442204

Security Focus:
http://www.securityfocus.com/bid/33537
http://www.securityfocus.com/bid/33541

Copyright © 2010 - Privacy Policy - Contact Us