Operating System:

[NetWare][WIN][LINUX][MAC]

Published:

20 September 2012

Protect yourself against future threats.

//Service

Phishing Take-Down

Drawing on our strong international CERT relationships we have a high success rate in delivering phishing take-downs.

Read more
Resources > Security Bulletins > ESB-2012.0906 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2012.0906
   A number of vulnerabilities have been identified in Novell GroupWise
                             20 September 2012

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Novell GroupWise 8.0x
                   Novell GroupWise 2012
Publisher:         Novell
Operating System:  Windows
                   Linux variants
                   Netware
                   Mac OS X
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated      
                   Denial of Service               -- Remote/Unauthenticated      
                   Cross-site Scripting            -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2012-0272 CVE-2012-0271 CVE-2011-3827

Original Bulletin: 
   http://www.novell.com/support/kb/doc.php?id=7010767
   http://www.novell.com/support/kb/doc.php?id=7010769
   http://www.novell.com/support/kb/doc.php?id=7010368

Comment: This bulletin contains three (3) Novell security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Vulnerability: GroupWise Internet Agent (GWIA) iCalendar parsing 
vulnerability

This document (7010767) is provided subject to the disclaimer at the end of 
this document.

Document ID:7010767

Creation Date:09-11-2012

Modified Date:09-14-2012

Environment

GroupWise 8.0x up to and including 8.02HP3

Situation

The GroupWise Internet Agent (GWIA) has a vulnerability in the way that it 
parses time and date information within a received iCalendar message, which 
could potentially be exploited by an attacker to cause a Denial-of-Service 
(DoS) on vulnerable installations of GWIA.

Resolution

To resolve this vulnerability, apply GroupWise 8.0 Support Pack 3 (or later).

Previous versions of GroupWise are likely also vulnerable but are no longer 
supported. Customers on earlier versions of GroupWise should, at a minimum, 
upgrade their GWIA servers and associated Domains to version 8.0 Support Pack 
3 (or later) in order to secure their system.

This vulnerability was discovered and reported by Carsten Eiram, Secunia 
Research (http://www.secunia.com/), Secunia advisory SA45671.

Novell bug 733887, CVE-2011-3827

Status
Security Alert

Bug Number
733887

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE 
customers and parties interested in our products and solutions to acquire 
information, ideas and learn from one another. Materials are provided for 
informational, personal or non-commercial use within your organization and 
are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

- -------------------------------------------------------------------------------

Security Vulnerability - GroupWise Internet Agent (GWIA) Integer Overflow 
Vulnerability in HTTP interface

This document (7010769) is provided subject to the disclaimer at the end of 
this document.

Document ID:7010769

Creation Date:09-11-2012

Modified Date:09-19-2012

Environment

GroupWise 8.0x up to and including 8.02HP3
GroupWise 2012

Situation

The GroupWise Internet Agent (GWIA) is vulnerable to an integer overflow 
exploit on its HTTP interface that could potentially allow an 
unauthenticated remote attacker to execute arbitrary code on vulnerable 
installations of GWIA.

Resolution

This vulnerability is resolved in GroupWise 8.0.3 HP1 and GroupWise 2012 
Support Pack 1.
  
If you are not able to immediately update to GroupWise 8.03 HP1 or 2012 SP1, 
there are several options you can implement to work around the problem and 
secure your system: 

1. Disable the GWIA's WebConsole - preferred recommendation.
2. Block users from accessing the GWIA's WebConsole port (default 9850)

Previous versions of GroupWise are likely also vulnerable but are no longer 
supported. Customers on earlier versions of GroupWise should, at a minimum, 
upgrade their GWIA servers and associated Domains to version 8.0 Support Pack 
3 or 2012 SP1 in order to secure their system.

This vulnerability was discovered and reported by Francis Provencher, Protek 
Research Labs via Secunia SVCRP (http://www.secunia.com/), Secunia advisory 
SA50622.

Novell bug 746199, CVE-2012-0271

Status
Security Alert

Bug Number
746199

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE 
customers and parties interested in our products and solutions to acquire 
information, ideas and learn from one another. Materials are provided for 
informational, personal or non-commercial use within your organization and are
presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

- -------------------------------------------------------------------------------

Security Vulnerability: Cross-Site Scripting (XSS) issue in GroupWise WebAccess 
"merge" parameter

This document (7010368) is provided subject to the disclaimer at the end of 
this document.

Document ID:7010368

Creation Date:07-03-2012

Modified Date:09-14-2012

Environment

GroupWise 8.0x up to and including 8.02HP3

Situation

GroupWise WebAccess is vulnerable to a cross-site scripting (XSS) exploit in 
the "merge" parameter whereby an attacker could potentially insert arbitrary 
HTML and script code that will be executed in a user's browser session.

Resolution

To resolve this vulnerability, apply GroupWise 8.0 Support Pack 3 (or later).
 
Previous versions of GroupWise are likely also vulnerable but are no longer 
supported. Customers on earlier versions of GroupWise should, at a minimum, 
upgrade their WebAccess servers and associated Domains to version 8.0 Support 
Pack 3 in order to secure their system.

This vulnerability was discovered and reported by Joshua Tirago, Cirosec via 
Secunia SVCRP (http://www.secunia.com/), Secunia advisory SA45671

Novell bugs 702785,740563, CVE-2012-0272

Status
Security Alert

Bug Number
702785 740563

Internal Notes
NOTE: This TID should not be made public until the full release of GroupWise 
2012 SP1.

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE 
customers and parties interested in our products and solutions to acquire 
information, ideas and learn from one another. Materials are provided for 
informational, personal or non-commercial use within your organization and 
are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBUFq5Ju4yVqjM2NGpAQKZgBAAv03qI44j6herZvRpMx4OvSFvOEt0esbK
qEjHt4GiSSFY0h6pJ1JeNrGzKxaD5Gxx4zVimi7PVrWNVMFPWh1xikGZgyj/7SeP
ggBH3fQWatadIbHc0iJRqBTtHg08ryMAJytlP7NIY5CBUS+2e5VzTXNukEdV4t2k
co9bln5Txl1ZGeL31rL2oTMjXzPhmX/SfevSrO2rYfA8rKrOj3sX7CHf3sMoIBIu
YEd9KsU6ZJAWlV2DrJhoXqEsj9fz5RUVAmmjo/WPEcJbHLF+B/EZLCGBJHynC7rY
qz0vIG5nN9ULrtgfTTlgCDHw2CB6IbPUTExmtMlgcyUYlTxDaefZLfIiqh7MTfJG
7XEeLxU/fJMLdHnu631+rf/WdyvRkfaFHwlxO9QnXUCnxw6FpIC1RiN/15S3P1+2
5dMc7mj/MocYjWVsn0xbSsjZZc7MhaBkOfsqB3s3bZMPsYw14bq9THFWS2GcDnYX
0wnTMOwf4bxc4y+sTDaEwvNY2DCNj/MCfgMoBs05wZav6rRhalhJKafV+Xwe8Vbz
t3FSqEKlmkDEDEUi6LIe3e/jwINjakQa4Ikbvh6jCo2Pht3eISFOLgiJ9JtRyl/8
ui6z5wDtjMDUmN/L+u8n8HWW87n8woYRvndv07q3wkeZBW5A5Cv+yrrxWMqbwIJC
/p9XvelM4LM=
=jsEt
-----END PGP SIGNATURE-----