lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200403210934.i2L9YLU16303@singularity.tronunltd.com>
From: Ian.Latter at mq.edu.au (Ian Latter)
Subject: OT - Groupwise Protocol(s)  (was Re: Operating Systems Security, 'Microsoft Security, baby steps')

Hello Daniele,

  I'm catching up on email and saw this -- are you (or anyone else 
here) familiar with the notify protocol running under the fat-client
verison of Groupwise?  If so can you email me off list .. I want to
know if there's a way around the UDP->TCP flip that it does mid-
stream (can be seen on a decent sized Busy Search in the 
Schedule/Calendar) -- or predict the outbound port used to notify
on new email, prior the inbount poll done by the client every 8 
minutes.

  We've been burnt by these oddities in the protocol and aren't
getting anywhere with Novell (apparently they were reporting a
52 hour wait on their support queue last week  ;-)


Thanks,


----- Original Message -----
>From: "Daniele Muscetta" <daniele@...cetta.com>
>To: <todd@...topia.com>
>Subject:  Re: [Full-Disclosure] Operating Systems Security, 'Microsoft Security, baby steps'
>Date: Thu, 18 Mar 2004 11:18:51 +0100
>
> Todd Burroughs said:
> > Kudos to SuSE, keep up the good work!  We're getting nervous with the
> > Novell thing, but keep security first.
> 
> 
> Yeah..... tell Novell, indeed:
> 
> http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968352.htm
> 
> for their propreitary Groupwise Webmail interface I have been waiting for
> MONTHS for this fix.... it has been in BETA for months now, looks like
> forever.... and it says:
> [...] This patch also addresses OpenSSL security vulnerabilities described
> in CERTŪ Advisories CAN-2003-0543 (VU#255484), CAN-2003-0544 (VU#380864),
> VU#686224, and VU#732952 [...]
> .....which is not yesterday's bug. But a much older one.
> It's kept very quiet though. Any other distro/vendor has had it fixed for
> ages now.
> I believe that the known exploits for linux/unix don't work on Netware so
> they think it is safe to take that long to fix it.....
> Yeah, this BETA fix is there.... but:
> [...] Groupwise 6.5 WebAccess SP2 Field Test File revision E. This patch
> should be used to verify bug fixes prior to the official release of
> GroupWise 6.5 Support Pack 2. Fixes in this FTF are not guaranteed to be
> included in the shipping release of Groupwise 6.5 SP2. [...]
> So.... is one supposed to install it or not ?
> 
> Good that SuSE *still* works indipendently enough.
> 
> Daniele
> 
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 

--
Ian Latter
Internet and Networking Security Officer
Macquarie University


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ