Message-ID: <200403210934.i2L9YLU16303@singularity.tronunltd.com>
From: Ian.Latter at mq.edu.au (Ian Latter)
Subject: OT - Groupwise Protocol(s) (was Re: Operating Systems Security, 'Microsoft Security, baby steps')

Hello Daniele,

  I'm catching up on email and saw this -- are you (or anyone
else here) familiar with the notify protocol running under the
fat-client version of Groupwise?

  If so can you email me off list .. I want to know if there's a
way around the UDP->TCP flip that it does mid-stream (can be
seen on a decent sized Busy Search in the Schedule/Calendar)
-- or predict the outbound port used to notify on new email,
prior to the inbound poll done by the client every 8 minutes.

  We've been burnt by these oddities in the protocol and aren't
getting anywhere with Novell (apparently they were reporting a
52 hour wait on their support queue last week ;-)

Thanks,

----- Original Message -----
>From: "Daniele Muscetta" <daniele@...cetta.com>
>To: <todd@...topia.com>
>Subject: Re: [Full-Disclosure] Operating Systems Security, 'Microsoft Security, baby steps'
>Date: Thu, 18 Mar 2004 11:18:51 +0100
>
> Todd Burroughs said:
> > Kudos to SuSE, keep up the good work! We're getting nervous with the
> > Novell thing, but keep security first.
>
>
> Yeah..... tell Novell, indeed:
>
> http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968352.htm
>
> for their proprietary Groupwise Webmail interface I have been waiting for
> MONTHS for this fix.... it has been in BETA for months now, looks like
> forever.... and it says:
> [...] This patch also addresses OpenSSL security vulnerabilities described
> in CERT® Advisories CAN-2003-0543 (VU#255484), CAN-2003-0544 (VU#380864),
> VU#686224, and VU#732952 [...]
> .....which is not yesterday's bug. But a much older one.
> It's kept very quiet though. Any other distro/vendor has had it fixed for
> ages now.
> I believe that the known exploits for linux/unix don't work on Netware so
> they think it is safe to take that long to fix it.....
> Yeah, this BETA fix is there.... but:
> [...] Groupwise 6.5 WebAccess SP2 Field Test File revision E. This patch
> should be used to verify bug fixes prior to the official release of
> GroupWise 6.5 Support Pack 2. Fixes in this FTF are not guaranteed to be
> included in the shipping release of Groupwise 6.5 SP2. [...]
> So.... is one supposed to install it or not ?
>
> Good that SuSE *still* works independently enough.
>
> Daniele
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

--
Ian Latter
Internet and Networking Security Officer
Macquarie University