lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1DD8356E556D4291B6355066BEF5A628@Webmail>
Date: Fri, 22 May 2009 04:17:36 +0200
From: "VUPEN Security Research" <advisories@...en.com>
To: <bugtraq@...urityfocus.com>
Cc: <soc@...cert.gov>
Subject: Novell GroupWise Internet Agent Remote Buffer Overflow Vulnerabilities

VUPEN Security Research Advisory - VUPEN-SR-2009-01 // VUPEN-SR-2009-02

Advisory URL: http://www.vupen.com/english/advisories/2009/1393

May 22, 2009

I. BACKGROUND 
----------------------

Novell GroupWise is a complete collaboration software solution that
provides information workers with e-mail, calendaring, instant
messaging, task management, and contact and document management
functions. The leading alternative to Microsoft Exchange, GroupWise
has long been praised by customers and industry watchers for its
security and reliability.

http://www.novell.com/products/groupwise/


II. DESCRIPTION 
---------------------

VUPEN Security discovered two critical vulnerabilities affecting Novell
GroupWise 8.x and 7.x.

The first issue is caused due to a buffer overflow error in the Novell
GroupWise Internet Agent (GWIA) when processing specially crafted 
email addresses via SMTP, which could be exploited by remote
unauthenticated attackers to execute arbitrary code with SYSTEM
privileges.

The second vulnerability is caused due to a buffer overflow error in
the Novell GroupWise Internet Agent (GWIA) when processing certain
SMTP requests, which could be exploited by remote unauthenticated
attackers to execute arbitrary code with SYSTEM privileges.


III. AFFECTED PRODUCTS
---------------------------------

Novell GroupWise version 7.03 HP2 and prior
Novell GroupWise version 8.0.0 HP1 and prior 


IV. Exploit Codes & PoC
----------------------------

Fully functional remote code execution exploit codes have been
developed by VUPEN Security and are available through the
VUPEN Exploits & PoCs Service.

http://www.vupen.com/exploits


V. SOLUTION 
------------------

For GroupWise 7.x systems, apply GroupWise 7.03 Hot Patch 3 (HP3) or later

For GroupWise 8.0 systems, apply GroupWise 8.0 Hot Patch 2 (HP2) or later


VI. CREDIT 
--------------

These vulnerabilities were discovered by Nicolas JOLY of VUPEN Security


VII. REFERENCES
----------------------

http://www.vupen.com/english/advisories/2009/1393
http://www.novell.com/support/viewContent.do?externalId=7003273&sliceId=1
http://www.novell.com/support/viewContent.do?externalId=7003272&sliceId=1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1636


VIII. DISCLOSURE TIMELINE 
-----------------------------------

18/02/2009 - Vendor notified
18/02/2009 - Vendor response
21/05/2009 - Vendor issues fixed version
22/05/2009 - Coordinated public Disclosure 





Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ