abeNd.org - [SA29409] Novell GroupWise Windows Client API Security Bypass

User Functions
Username: Password: Don't have an account yet? Sign up as a New User Lost your password?

What's New
STORIES 1 new Stories in the last 1 day COMMENTS last 2 days No new comments TRACKBACKS last 2 days No new trackback comments LINKS last 2 weeks No recent new links

Who's Online
Guest Users: 2

Live Novell Chat
Live Novell Chat

Topics
Home Contracting (2/0) FAQ (1/0) NetWare (44/0) Certification (26/0) NDS/eDir (17/0) Administration (77/0) GroupWise (62/0) Linux/Open Source (277/0) Resources (16/0) General News (650/0) Security (179/0)

Poll
Best Virtualization Platform? XEN VMWare M$ Virtual Centre Other (please comment to identify) Results 70 votes \| 0 comments

Poll
Now that OES2 is out, what is your deployment strategy? ASAP, it is not downloading fast enough! Wait a few months Wait for SP1 There is still a killer feature we need (if so denote in the comments) Not at all OES2? Is that the next version of OS/2? Results 114 votes \| 0 comments

Poll
Is 2008 finally the year Linux sees a bigger gain of marketshare on the desktop? Yes. OEMs like Dell, HP and Lenovo selling Linux PCs, and better ATI driver support were the last major barriers to widespread adoption No. Issues such as a lack of a unified package manager, lack of ISV support and lack of third party apps still need to be overcome. Results 85 votes \| 2 comments

[SA29409] Novell GroupWise Windows Client API Security Bypass

Author:	kkbass
Dated:	Monday, March 17 2008 @ 08:40 PM EDT
Viewed:	116 times

TITLE:Novell GroupWise Windows Client API Security Bypass
SECUNIA ADVISORY ID:SA29409
VERIFY ADVISORY:http://secunia.com/advisories/29409/
CRITICAL:Less critical
IMPACT:Security Bypass, Exposure of sensitive information

WHERE:
From remote

SOFTWARE:
Novell Groupwise 6.x
http://secunia.com/product/86/
Novell GroupWise 7.x
http://secunia.com/product/5667/

DESCRIPTION:
A vulnerability has been reported in Novell GroupWise, which can be
exploited by malicious users to bypass certain security
restrictions.

The vulnerability is caused due to an error within the implementation
of shared folders in the GroupWise Windows client API. This can be
exploited to gain access to restricted emails from an accessible,
shared folder.

The vulnerability is reported in versions 6.5 and 7. Other versions
may also be affected.

SOLUTION:
Update to GroupWise 6.5 SP6 Update 3 or GroupWise 7 SP3, and lock
out older clients via ConsoleOne (see vendor advisory for further
details).

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
https://secure-support.novell.com/KanisaPlatform/Publishing/732/3263374_f.SAL_Public.html

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

What's Related
http://secunia.com/advi... http://secunia.com/prod... http://secunia.com/prod... https://secure-support.... http://secunia.com/secu... http://secunia.com/abou... More by kkbass More from General News

Story Options
Mail Story to a Friend Printable Story Format

Trackback

Trackback URL for this entry: http://www.abend.org/trackback.php/2008031720403765

No trackback comments for this entry.

[SA29409] Novell GroupWise Windows Client API Security Bypass | 0 comments | Create New Account

The following comments are owned by whomever posted them. This site is not responsible for what they say.

Welcome to abeNd.org - Novell News for IT Professionals Thursday, May 15 2008 @ 07:04 PM EDT

Trackback