Novell GroupWise Multiple Vulnerabilities
Last Update Date: 27 Sep 2011 12:26
Release Date: 27 Sep 2011
RISK: High Risk
TYPE: Servers - Other Servers
Multiple vulnerabilities have been identified in Novell GroupWise, which can be exploited by malicious people to conduct cross-site scripting attacks, cause a denial of service and compromise a user's system.
- The GroupWise Internet Agent (GWIA) is vulnerable to a DoS exploit whereby an attacker could potentially cause the application to crash by inputting certain data.
- A vulnerability exists in the Oracle "Outside In" technology used by GroupWise to view Microsoft DOCX, Lotus 123 and Microsoft CAB file attachments that could potentially allow an unauthenticated attacker to execute arbitrary code.
- The GroupWise Internet Agent (GWIA) has a vulnerability in the way that it parses the time zone description (TZNAME) variable within a received VCALENDAR message, which could potentially allow an unauthenticated remote attacker to execute arbitrary code on vulnerable installations of GWIA.
- The HTTP interface of the GroupWise Internet Agent (GWIA) is vulnerable to an exploit whereby an attacker could potentially trigger a stack overflow and execute arbitrary code.
- The GroupWise Internet Agent (GWIA) has a vulnerability in the way that it parses a weekday, weekly or yearly calendar recurrence (RRULE) variable within a received VCALENDAR message. The vulnerability could potentially allow an unauthenticated remote attacker to execute arbitrary code on vulnerable installations of GWIA.
- GroupWise WebAccess is vulnerable to a cross-site scripting (XSS) exploit in the "Directory.Item.name" parameter whereby an attacker could potentially insert arbitrary HTML and script code that will be executed in a user's browser session.
Impact
- Cross-Site Scripting
- Denial of Service
- Remote Code Execution
System / Technologies affected
- Novell GroupWise 8.0x, 8.01x, 8.02HP1, 8.02HP2.
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
Upgrade to GroupWise 8.0 Service Pack 2 Hot Patch 3
http://download.novell.com/Download?buildid=gBjwGIdt77s~
Vulnerability Identifier
- CVE-2010-4325
- CVE-2011-0333
- CVE-2011-0334
- CVE-2011-2218
- CVE-2011-2219
- CVE-2011-2661
- CVE-2011-2662
- CVE-2011-2663