SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Novell GroupWise Vendors:   Novell
Novell GroupWise Flaw in Administration Service Lets Remote Users View and Delete Files
SecurityTracker Alert ID:  1030801
SecurityTracker URL:  http://securitytracker.com/id/1030801
CVE Reference:   CVE-2014-0600   (Links to External Site)
Date:  Sep 4 2014
Impact:   Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2014
Description:   A vulnerability was reported in Novell GroupWise. A remote user can view and delete files on the target system.

A remote user can supply a specially crafted 'poLibMaintenanceFileSave' parameter value to the 'FileUploadServlet' to exploit a flaw in 'gwadminservice' and view or delete files on the target system.

The vendor has assigned bug ID 879192 to this vulnerability.

Andrea Micalizzi, aka rgod, reported this vulnerability (via HP's Zero Day Initiative).

Impact:   A remote user can view and delete files on the target system.
Solution:   The vendor has issued a fix (GroupWise 2014 Suppport Pack 1 (SP1)).

The vendor's advisory is available at:

https://www.novell.com/support/kb/doc.php?id=7015566

Vendor URL:  www.novell.com/support/kb/doc.php?id=7015566 (Links to External Site)
Cause:   Access control error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC