| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 22 May 2009 04:17:36 +0200 From: "VUPEN Security Research" <advisories@...en.com> To: <bugtraq@...urityfocus.com> Cc: <soc@...cert.gov> Subject: Novell GroupWise Internet Agent Remote Buffer Overflow Vulnerabilities VUPEN Security Research Advisory - VUPEN-SR-2009-01 // VUPEN-SR-2009-02 Advisory URL: http://www.vupen.com/english/advisories/2009/1393 May 22, 2009 I. BACKGROUND ---------------------- Novell GroupWise is a complete collaboration software solution that provides information workers with e-mail, calendaring, instant messaging, task management, and contact and document management functions. The leading alternative to Microsoft Exchange, GroupWise has long been praised by customers and industry watchers for its security and reliability. http://www.novell.com/products/groupwise/ II. DESCRIPTION --------------------- VUPEN Security discovered two critical vulnerabilities affecting Novell GroupWise 8.x and 7.x. The first issue is caused due to a buffer overflow error in the Novell GroupWise Internet Agent (GWIA) when processing specially crafted email addresses via SMTP, which could be exploited by remote unauthenticated attackers to execute arbitrary code with SYSTEM privileges. The second vulnerability is caused due to a buffer overflow error in the Novell GroupWise Internet Agent (GWIA) when processing certain SMTP requests, which could be exploited by remote unauthenticated attackers to execute arbitrary code with SYSTEM privileges. III. AFFECTED PRODUCTS --------------------------------- Novell GroupWise version 7.03 HP2 and prior Novell GroupWise version 8.0.0 HP1 and prior IV. Exploit Codes & PoC ---------------------------- Fully functional remote code execution exploit codes have been developed by VUPEN Security and are available through the VUPEN Exploits & PoCs Service. http://www.vupen.com/exploits V. SOLUTION ------------------ For GroupWise 7.x systems, apply GroupWise 7.03 Hot Patch 3 (HP3) or later For GroupWise 8.0 systems, apply GroupWise 8.0 Hot Patch 2 (HP2) or later VI. CREDIT -------------- These vulnerabilities were discovered by Nicolas JOLY of VUPEN Security VII. REFERENCES ---------------------- http://www.vupen.com/english/advisories/2009/1393 http://www.novell.com/support/viewContent.do?externalId=7003273&sliceId=1 http://www.novell.com/support/viewContent.do?externalId=7003272&sliceId=1 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1636 VIII. DISCLOSURE TIMELINE ----------------------------------- 18/02/2009 - Vendor notified 18/02/2009 - Vendor response 21/05/2009 - Vendor issues fixed version 22/05/2009 - Coordinated public Disclosure
Powered by blists - more mailing lists