Novell GroupWise Internet Agent Remote Buffer Overflow Vulnerabilities
VUPEN Security Research Advisory - VUPEN-SR-2009-01 // VUPEN-SR-2009-02
Advisory URL: http://www.vupen.com/english/advisories/2009/1393
May 22, 2009
I. BACKGROUND
----------------------
Novell GroupWise is a complete collaboration software solution that
provides information workers with e-mail, calendaring, instant
messaging, task management, and contact and document management
functions. The leading alternative to Microsoft Exchange, GroupWise
has long been praised by customers and industry watchers for its
security and reliability.
http://www.novell.com/products/groupwise/
II. DESCRIPTION
---------------------
VUPEN Security discovered two critical vulnerabilities affecting Novell
GroupWise 8.x and 7.x.
The first issue is caused due to a buffer overflow error in the Novell
GroupWise Internet Agent (GWIA) when processing specially crafted
email addresses via SMTP, which could be exploited by remote
unauthenticated attackers to execute arbitrary code with SYSTEM
privileges.
The second vulnerability is caused due to a buffer overflow error in
the Novell GroupWise Internet Agent (GWIA) when processing certain
SMTP requests, which could be exploited by remote unauthenticated
attackers to execute arbitrary code with SYSTEM privileges.
III. AFFECTED PRODUCTS
---------------------------------
Novell GroupWise version 7.03 HP2 and prior
Novell GroupWise version 8.0.0 HP1 and prior
IV. Exploit Codes & PoC
----------------------------
Fully functional remote code execution exploit codes have been
developed by VUPEN Security and are available through the
VUPEN Exploits & PoCs Service.
http://www.vupen.com/exploits
V. SOLUTION
------------------
For GroupWise 7.x systems, apply GroupWise 7.03 Hot Patch 3 (HP3) or later
For GroupWise 8.0 systems, apply GroupWise 8.0 Hot Patch 2 (HP2) or later
VI. CREDIT
--------------
These vulnerabilities were discovered by Nicolas JOLY of VUPEN Security
VII. REFERENCES
----------------------
http://www.vupen.com/english/advisories/2009/1393
http://www.novell.com/support/viewContent.do?externalId=7003273&sliceId=1
http://www.novell.com/support/viewContent.do?externalId=7003272&sliceId=1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1636
VIII. DISCLOSURE TIMELINE
-----------------------------------
18/02/2009 - Vendor notified
18/02/2009 - Vendor response
21/05/2009 - Vendor issues fixed version
22/05/2009 - Coordinated public Disclosure