SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Generic)  >   Novell GroupWise Vendors:   Novell
GroupWise Internet Agent Buffer Overflows in SMTP Service Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1022276
SecurityTracker URL:  http://securitytracker.com/id/1022276
CVE Reference:   CVE-2009-1636   (Links to External Site)
Date:  May 25 2009
Impact:   Execution of arbitrary code via network, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 7.03 HP2, 8.0.0 HP1; and prior service packs
Description:   A vulnerability was reported in GroupWise Internet Agent. A remote user can execute arbitrary code on the target system.

A remote user can send a specially crafted e-mail address via SMTP or specially crafted SMTP requests to trigger a buffer overflow and execute arbitrary code on the target system. The code will run with the SYSTEM privileges.

The vendor was notified on February 18, 2009.

The original advisory is available at:

http://www.vupen.com/english/advisories/2009/1393

Nicolas JOLY of VUPEN Security reported this vulnerability.

Impact:   A remote user can execute arbitrary code on the target system with SYSTEM privileges.
Solution:   The vendor has issued a fix (7.03 Hot Patch 3 (HP3), 8.0 Hot Patch 2 (HP2)).

The vendor's advisories are available at:

http://www.novell.com/support/viewContent.do?externalId=7003272
http://www.novell.com/support/viewContent.do?externalId=7003273

Vendor URL:  www.novell.com/support/viewContent.do?externalId=7003272 (Links to External Site)
Cause:   Boundary error
Underlying OS:  

Message History:   None.


 Source Message Contents

Date:  Fri, 22 May 2009 04:17:36 +0200
Subject:  Novell GroupWise Internet Agent Remote Buffer Overflow Vulnerabilities

VUPEN Security Research Advisory - VUPEN-SR-2009-01 // VUPEN-SR-2009-02

Advisory URL: http://www.vupen.com/english/advisories/2009/1393

May 22, 2009

I. BACKGROUND 
----------------------

Novell GroupWise is a complete collaboration software solution that
provides information workers with e-mail, calendaring, instant
messaging, task management, and contact and document management
functions. The leading alternative to Microsoft Exchange, GroupWise
has long been praised by customers and industry watchers for its
security and reliability.

http://www.novell.com/products/groupwise/


II. DESCRIPTION 
---------------------

VUPEN Security discovered two critical vulnerabilities affecting Novell
GroupWise 8.x and 7.x.

The first issue is caused due to a buffer overflow error in the Novell
GroupWise Internet Agent (GWIA) when processing specially crafted 
email addresses via SMTP, which could be exploited by remote
unauthenticated attackers to execute arbitrary code with SYSTEM
privileges.

The second vulnerability is caused due to a buffer overflow error in
the Novell GroupWise Internet Agent (GWIA) when processing certain
SMTP requests, which could be exploited by remote unauthenticated
attackers to execute arbitrary code with SYSTEM privileges.


III. AFFECTED PRODUCTS
---------------------------------

Novell GroupWise version 7.03 HP2 and prior
Novell GroupWise version 8.0.0 HP1 and prior 


IV. Exploit Codes & PoC
----------------------------

Fully functional remote code execution exploit codes have been
developed by VUPEN Security and are available through the
VUPEN Exploits & PoCs Service.

http://www.vupen.com/exploits


V. SOLUTION 
------------------

For GroupWise 7.x systems, apply GroupWise 7.03 Hot Patch 3 (HP3) or later

For GroupWise 8.0 systems, apply GroupWise 8.0 Hot Patch 2 (HP2) or later


VI. CREDIT 
--------------

These vulnerabilities were discovered by Nicolas JOLY of VUPEN Security


VII. REFERENCES
----------------------

http://www.vupen.com/english/advisories/2009/1393
http://www.novell.com/support/viewContent.do?externalId=7003273&sliceId=1
http://www.novell.com/support/viewContent.do?externalId=7003272&sliceId=1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1636


VIII. DISCLOSURE TIMELINE 
-----------------------------------

18/02/2009 - Vendor notified
18/02/2009 - Vendor response
21/05/2009 - Vendor issues fixed version
22/05/2009 - Coordinated public Disclosure 





 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC