<<< Date Index >>>     <<< Thread Index >>>

Novell GroupWise Internet Agent Remote Buffer Overflow Vulnerabilities



VUPEN Security Research Advisory - VUPEN-SR-2009-01 // VUPEN-SR-2009-02

Advisory URL: http://www.vupen.com/english/advisories/2009/1393

May 22, 2009

I. BACKGROUND ----------------------

Novell GroupWise is a complete collaboration software solution that
provides information workers with e-mail, calendaring, instant
messaging, task management, and contact and document management
functions. The leading alternative to Microsoft Exchange, GroupWise
has long been praised by customers and industry watchers for its
security and reliability.

http://www.novell.com/products/groupwise/


II. DESCRIPTION ---------------------

VUPEN Security discovered two critical vulnerabilities affecting Novell
GroupWise 8.x and 7.x.

The first issue is caused due to a buffer overflow error in the Novell
GroupWise Internet Agent (GWIA) when processing specially crafted email addresses via SMTP, which could be exploited by remote
unauthenticated attackers to execute arbitrary code with SYSTEM
privileges.

The second vulnerability is caused due to a buffer overflow error in
the Novell GroupWise Internet Agent (GWIA) when processing certain
SMTP requests, which could be exploited by remote unauthenticated
attackers to execute arbitrary code with SYSTEM privileges.


III. AFFECTED PRODUCTS
---------------------------------

Novell GroupWise version 7.03 HP2 and prior
Novell GroupWise version 8.0.0 HP1 and prior

IV. Exploit Codes & PoC
----------------------------

Fully functional remote code execution exploit codes have been
developed by VUPEN Security and are available through the
VUPEN Exploits & PoCs Service.

http://www.vupen.com/exploits


V. SOLUTION ------------------

For GroupWise 7.x systems, apply GroupWise 7.03 Hot Patch 3 (HP3) or later

For GroupWise 8.0 systems, apply GroupWise 8.0 Hot Patch 2 (HP2) or later


VI. CREDIT --------------

These vulnerabilities were discovered by Nicolas JOLY of VUPEN Security


VII. REFERENCES
----------------------

http://www.vupen.com/english/advisories/2009/1393
http://www.novell.com/support/viewContent.do?externalId=7003273&sliceId=1
http://www.novell.com/support/viewContent.do?externalId=7003272&sliceId=1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1636


VIII. DISCLOSURE TIMELINE -----------------------------------

18/02/2009 - Vendor notified
18/02/2009 - Vendor response
21/05/2009 - Vendor issues fixed version
22/05/2009 - Coordinated public Disclosure