Highly critical

Novell GroupWise Multiple Vulnerabilities


Release Date:  2011-09-27    Last Update:  2013-04-30    Views:  3,371

Secunia Advisory SA43513

Where:

From remote

Impact:

Cross Site Scripting, DoS, System access

Solution Status:

Vendor Patch

CVE Reference(s):

Description


Multiple vulnerabilities have been reported in Novell GroupWise, which can be exploited by malicious users to conduct script insertion attacks, cause a DoS (Denial of Service), or potentially compromise a vulnerable system, and by malicious people to compromise a vulnerable system.

1) An integer truncation error exists in NgwiCalVTimeZoneBody::ParseSelf() within gwwww1.dll when GroupWise Internet Agent parses the "TZNAME" variable in vCalendar data. This can be exploited to cause a heap-based buffer overflow via a specially crafted e-mail containing an overly long "TZNAME" property value.

Successful exploitation of this vulnerability may allow execution of arbitrary code.

2) A boundary error in GroupWise Internet Agent (gwia.exe) when handling requests for certain .css resources can be exploited to cause a limited stack-based buffer overflow via a specially crafted, overly long request to the HTTP interface (port 9850/TCP).

Successful exploitation of this vulnerability requires valid credentials to the service.

3) Input passed via the "Directory.Item.name" parameter when adding an organization to the address book, via the "Directory.Item.displayName" parameter when adding a new contact to the address book, and via the "Directory.Item.name" parameter when adding a new resource to the address book is not properly sanitised in the WebAccess component before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site if malicious data is viewed.

4) An unspecified error in GroupWise Internet Agent can be exploited to crash the service via specially crafted data.

5) An array-indexing error exists in NgwIRecurByWeekdayParam::bywdaylist() when GroupWise Internet Agent parses vCalendar data containing a comma-separated list of values for the BYDAY property in a calendar recurrence (RRULE). This can be exploited to cause heap-based buffer overflows via a specially crafted e-mail containing a malicious iCal file.

6) An indexing error in GroupWise Internet Agent when handling the BYWEEKNO property of a weekly calendar recurrence (RRULE) can be exploited to cause memory corruption via a specially crafted e-mail containing a malicious iCal file.

7) An array-indexing error exists in NgwIRecurParam::integerList() when GroupWise Internet Agent parses vCalendar data containing a calendar recurrence (RRULE) property that supports a comma-separated list of values (i.e. BYMONTH, BYMONTHDAY, BYSECOND, BYHOUR, BYYEARDAY, BYWEEKNO, and BYSETPOS). This can be exploited to cause a heap-based buffer overflow via a specially crafted e-mail containing a malicious iCal file.

Successful exploitation of vulnerabilities #5, #6, and #7 may allow execution of arbitrary code.
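
As an added illustration (not code from Secunia or Novell), a mail-gateway pre-filter can flag the properties named in #1 and #5 to #7 when they fall outside the RFC 5545 grammar before the message reaches GroupWise Internet Agent. The function names, the sample input and both caps are assumptions; the advisory gives no triggering values.

```python
import re

# RFC 5545 ranges for the integer-list RRULE parts the advisory names.
INT_RANGES = {
    "BYSECOND": (0, 60), "BYHOUR": (0, 23), "BYMONTH": (1, 12),
    "BYMONTHDAY": (-31, 31), "BYYEARDAY": (-366, 366),
    "BYWEEKNO": (-53, 53), "BYSETPOS": (-366, 366)}
BYDAY_RE = re.compile(r"[+-]?(\d{1,2})?(SU|MO|TU|WE|TH|FR|SA)")
MAX_TZNAME_LEN = MAX_LIST_ITEMS = 64  # assumed policy caps, not from the advisory

# Constructed sample: one well-formed rule, one with two malformed parts.
SAMPLE = (
    "TZNAME:CET\r\nRRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=-1SU\r\n"
    "RRULE:FREQ=MONTHLY;BYMONTHDAY=1,15,40;BYDAY=MO,8XX\r\n"
)

def check_rrule(value):
    """Return findings for list-valued RRULE parts outside the RFC grammar."""
    findings = []
    for part in value.split(";"):
        name, _, raw = part.upper().partition("=")
        if name != "BYDAY" and name not in INT_RANGES:
            continue
        items = raw.split(",")
        if len(items) > MAX_LIST_ITEMS:
            findings.append(f"{name}: {len(items)} list items")
        for item in items:
            if name == "BYDAY":
                m = BYDAY_RE.fullmatch(item)
                ok = m and (not m.group(1) or 1 <= int(m.group(1)) <= 53)
            else:
                lo, hi = INT_RANGES[name]
                ok = (re.fullmatch(r"[+-]?\d{1,3}", item)
                      and lo <= int(item) <= hi and (int(item) or lo == 0))
            if not ok:
                findings.append(f"{name}: invalid value {item[:16]!r}")
    return findings

def scan_ical(text):
    """Unfold RFC 5545 lines, then check TZNAME length and every RRULE."""
    findings = []
    for line in re.sub(r"\r?\n[ \t]", "", text).splitlines():
        head, _, value = line.partition(":")
        prop = head.split(";")[0].upper()
        if prop == "TZNAME" and len(value) > MAX_TZNAME_LEN:
            findings.append(f"TZNAME: {len(value)} chars")
        elif prop == "RRULE":
            findings.extend(check_rrule(value))
    return findings
```

A non-empty result from `scan_ical()` is a reason to quarantine or strip the calendar part on hosts that cannot yet be updated.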

8) The software bundles a vulnerable version of Oracle "Outside In" technology for viewing of various file attachments.

For more information:
SA44295
SA45297

The vulnerabilities are reported in version 8.0.2 HP2. Prior versions may also be affected.


Solution:
Update to version 8.02 Hot Patch 3 or later.

Provided and/or discovered by:
1) Independently discovered by Carsten Eiram, Secunia Research and an anonymous person via iDefense.
2) Carsten Eiram, Secunia Research.
3) Joshua Tiago, Cirosec via Secunia.
4) The vendor credits James Ogden, Salford Software.
5) An anonymous person via ZDI and an anonymous person via iDefense.
6) An anonymous person via iDefense.
7) An anonymous person via iDefense.

Original Advisory:
Secunia Research:
http://secunia.com/secunia_research/2011-66/
http://secunia.com/secunia_research/2011-67/

Novell:
http://www.novell.com/support/viewContent.do?externalId=7009208
http://www.novell.com/support/viewContent.do?externalId=7009210
http://www.novell.com/support/viewContent.do?externalId=7009214
http://www.novell.com/support/viewContent.do?externalId=7006378
http://www.novell.com/support/viewContent.do?externalId=7009212
http://www.novell.com/support/viewContent.do?externalId=7009215
http://www.novell.com/support/viewContent.do?externalId=7009216
http://www.novell.com/support/viewContent.do?externalId=7009207
http://www.novell.com/support/viewContent.do?externalId=7009213

iDefense:
https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=943
https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=944
https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=945
https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=947

ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-11-285/
http://www.zerodayinitiative.com/advisories/ZDI-11-286/

iDefense:
http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?loc=en_US&id=943
http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?loc=en_US&id=944
http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?loc=en_US&id=945
http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?loc=en_US&id=946
http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?loc=en_US&id=947
