[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200403210934.i2L9YLU16303@singularity.tronunltd.com>
From: Ian.Latter at mq.edu.au (Ian Latter)
Subject: OT - Groupwise Protocol(s) (was Re: Operating Systems Security, 'Microsoft Security, baby steps')
Hello Daniele,
I'm catching up on email and saw this -- are you (or anyone else
here) familiar with the notify protocol running under the fat-client
verison of Groupwise? If so can you email me off list .. I want to
know if there's a way around the UDP->TCP flip that it does mid-
stream (can be seen on a decent sized Busy Search in the
Schedule/Calendar) -- or predict the outbound port used to notify
on new email, prior the inbount poll done by the client every 8
minutes.
We've been burnt by these oddities in the protocol and aren't
getting anywhere with Novell (apparently they were reporting a
52 hour wait on their support queue last week ;-)
Thanks,
----- Original Message -----
>From: "Daniele Muscetta" <daniele@...cetta.com>
>To: <todd@...topia.com>
>Subject: Re: [Full-Disclosure] Operating Systems Security, 'Microsoft Security, baby steps'
>Date: Thu, 18 Mar 2004 11:18:51 +0100
>
> Todd Burroughs said:
> > Kudos to SuSE, keep up the good work! We're getting nervous with the
> > Novell thing, but keep security first.
>
>
> Yeah..... tell Novell, indeed:
>
> http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968352.htm
>
> for their propreitary Groupwise Webmail interface I have been waiting for
> MONTHS for this fix.... it has been in BETA for months now, looks like
> forever.... and it says:
> [...] This patch also addresses OpenSSL security vulnerabilities described
> in CERTŪ Advisories CAN-2003-0543 (VU#255484), CAN-2003-0544 (VU#380864),
> VU#686224, and VU#732952 [...]
> .....which is not yesterday's bug. But a much older one.
> It's kept very quiet though. Any other distro/vendor has had it fixed for
> ages now.
> I believe that the known exploits for linux/unix don't work on Netware so
> they think it is safe to take that long to fix it.....
> Yeah, this BETA fix is there.... but:
> [...] Groupwise 6.5 WebAccess SP2 Field Test File revision E. This patch
> should be used to verify bug fixes prior to the official release of
> GroupWise 6.5 Support Pack 2. Fixes in this FTF are not guaranteed to be
> included in the shipping release of Groupwise 6.5 SP2. [...]
> So.... is one supposed to install it or not ?
>
> Good that SuSE *still* works indipendently enough.
>
> Daniele
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
--
Ian Latter
Internet and Networking Security Officer
Macquarie University
Powered by blists - more mailing lists