MS-ISAC ADVISORY NUMBER:
2009-028

DATE(S) ISSUED:
5/22/2009

SUBJECT:
Multiple Vulnerabilities in Novell GroupWise Internet Agent Could Lead to Remote Code Execution

OVERVIEW:

Novell GroupWise is a collaborative software product which includes email, calendars, instant messaging and document management. Multiple vulnerabilities have been discovered in Novell GroupWise Internet Agent. The GroupWise Internet Agent (GWIA) is a server component which provides communication to other email systems and conversion of email messages to GroupWise format. Successful exploitation could allow an attacker to gain SYSTEM-level privileges. An attacker could then install programs; view, change, or delete data; or create new accounts. Unsuccessful exploitation attempts may result in a denial of service.

SYSTEMS AFFECTED:

  • GroupWise Internet Agent
  • GroupWise 7.0 up to (and including) 7.03 HP2
  • GroupWise 8.0 up to (and including) 8.0.0 HP1

RISK:

Government:

  • Large and medium government entities: High
  • Small government entities: High

Businesses:

  • Large and medium business entities: High
  • Small business entities: High

Home users: Low

DESCRIPTION:
Novell has confirmed the existence of multiple buffer-overflow vulnerabilities in Novell GroupWise Internet Agent that may allow remote code execution with SYSTEM-level privileges. The GroupWise Internet Agent (GWIA) provides communication to other email systems and conversion of email messages to GroupWise format. The first vulnerability occurs due to the way the Internet Agent processes email addresses in the Simple Mail Transfer Protocol (SMTP). The second vulnerability occurs due to the way the Internet Agent processes certain SMTP requests. Exploitation of both vulnerabilities will lead to a buffer-overflow condition. Exploit code is not publically available at this time. Novell has supplied patches for the vulnerabilities.

RECOMMENDATIONS:
We recommend the following actions be taken:

  • Apply appropriate patches provided by Novell to vulnerable systems immediately after appropriate testing.

REFERENCES:

Novell:
http://www.novell.com/support/viewContent.do?externalId=7003273&sliceId=1(New Window)
http://www.novell.com/support/viewContent.do?externalId=7003272&sliceId=1(New Window)

Security Focus:
http://www.securityfocus.com/bid/35064(New Window)
http://www.securityfocus.com/bid/35065(New Window)


This cyber advisory was issued by the Multi-State Information Sharing and Analysis Center (MS-ISAC) and was intended for government entities. The information may or may not be applicable to the general public and accordingly, the MS-ISAC does not warrant its use for any specific purposes.