MS-ISAC ADVISORY NUMBER:
2009-029

DATE(S) ISSUED:
5/22/2009

SUBJECT:
Multiple Vulnerabilities in Novell GroupWise WebAccess Could Lead to Unauthorized Account Access

OVERVIEW:

Novell GroupWise is a collaborative software product which includes email, calendars, instant messaging and document management. Multiple vulnerabilities have been discovered in Novell GroupWise WebAccess. GroupWise WebAccess provides remote access to a Novell GroupWise system. Successful exploitation of two of the vulnerabilities could allow an attacker to gain unauthorized access to an authenticated user's account. Successful exploitation of the other vulnerabilities could allow an attacker to leverage other attacks.

SYSTEMS AFFECTED:

  • GroupWise Internet Agent
  • GroupWise 7.0 up to (and including) 7.03 HP2
  • GroupWise 8.0 up to (and including) 8.0.0 HP1

RISK:

Government:

  • Large and medium government entities: High
  • Small government entities: High

Businesses:

  • Large and medium business entities: High
  • Small business entities: High

Home users: Low

DESCRIPTION:
Novell has confirmed the existence of multiple vulnerabilities in Novell GroupWise WebAccess, including cross-site scripting and unauthorized account access. GroupWise WebAccess provides remote access to a Novell GroupWise system. The unauthorized account access vulnerabilities result from weak session management mechanisms. The cross-site scripting vulnerabilities result from a failure to sanitize user-supplied input and from unfiltered style expressions. Cross-site scripting is an attack that results in the execution of script code in the browser of an unsuspecting user. Please note that the cross-site scripting vulnerabilities require user interaction, such as clicking on a malicious link. Novell has supplied patches for the vulnerabilities.
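As an added defensive illustration (not code from the advisory or from Novell), the sanitizer below shows how a webmail renderer can address the two cross-site scripting causes named above: message text is output-encoded, and style attributes are normalized (comments stripped, CSS escapes decoded) before being checked for CSS expressions, so obfuscated forms are caught as well. The dropped-tag list and the set of blocked style tokens are assumptions chosen for the example.

```python
import html
import re
from html.parser import HTMLParser

# Constructed example: elements and style tokens a mail renderer has no reason to allow.
DROP_TAGS = {"script", "style", "iframe", "object", "embed"}
BLOCKED_STYLE_TOKENS = ("expression(", "javascript:", "-moz-binding", "behavior:")

def normalize_css(value):
    """Undo the usual ways of hiding expression(): comments, CSS escapes, whitespace."""
    value = re.sub(r"/\*.*?\*/", "", value, flags=re.S)                 # expr/**/ession
    value = re.sub(r"\\([0-9a-fA-F]{1,6})\s?",                           # \65 -> 'e'
                   lambda m: chr(int(m.group(1), 16)), value)
    value = re.sub(r"\\(.)", r"\1", value)                               # \e -> 'e'
    return re.sub(r"\s+", "", value).lower()

def style_is_dangerous(value):
    normalized = normalize_css(value)
    return any(tok in normalized for tok in BLOCKED_STYLE_TOKENS)

class MailSanitizer(HTMLParser):
    """Rebuilds the message with scripts, event handlers and unsafe styles removed."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0          # skip > 0 while inside a dropped element
    def handle_starttag(self, tag, attrs):
        if tag in DROP_TAGS:
            self.skip += 1
            return
        if self.skip:
            return
        kept = []
        for name, val in attrs:
            val = val or ""
            if name.startswith("on"):                                   # onload=, onerror=, ...
                continue
            if name == "style" and style_is_dangerous(val):
                continue
            if name in ("href", "src") and normalize_css(val).startswith("javascript:"):
                continue
            kept.append(f' {name}="{html.escape(val, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
    def handle_endtag(self, tag):
        if tag in DROP_TAGS:
            self.skip = max(0, self.skip - 1)
        elif not self.skip:
            self.out.append(f"</{tag}>")
    def handle_data(self, data):
        if not self.skip:
            self.out.append(html.escape(data))   # output-encode text instead of echoing it raw

def sanitize_mail_html(body):
    parser = MailSanitizer()
    parser.feed(body)
    parser.close()
    return "".join(parser.out)
```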

RECOMMENDATIONS:
We recommend the following actions be taken:

  • Apply appropriate patches provided by Novell to vulnerable systems immediately after appropriate testing.
  • Do not follow links provided by unknown or untrusted sources.

REFERENCES:

Novell:
http://www.novell.com/support/viewContent.do?externalId=7003267&sliceId=1
http://www.novell.com/support/viewContent.do?externalId=7003268&sliceId=1
http://www.novell.com/support/viewContent.do?externalId=7003266&sliceId=1
http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=7003271&sliceId=1&docTypeID=DT_TID_1_1&dialogID=56691148&stateId=0%200%2056689187

Security Focus:
http://www.securityfocus.com/bid/35061
http://www.securityfocus.com/bid/35066

CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1635
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1634


This cyber advisory was issued by the Multi-State Information Sharing and Analysis Center (MS-ISAC) and was intended for government entities. The information may or may not be applicable to the general public and accordingly, the MS-ISAC does not warrant its use for any specific purposes.