[ISN] Novell Patches Security Hole In GroupWise Server

From: InfoSec News (isnat_private)
Date: Wed Oct 17 2001 - 01:15:43 PDT

  • Next message: InfoSec News: "[ISN] GOVNET Wont Solve U.S. Government Internet Security Concerns"

    http://www.newsbytes.com/news/01/171160.html
    
    By Steven Bonisteel, Newsbytes
    PROVO, UTAH, U.S.A.,
    16 Oct 2001, 7:45 AM CST
     
    Novell Inc. [NASDAQ:NOVL] is urging users of its GroupWise software
    for messaging and collaboration to patch a security hole that could
    allow an intruder to view any file on a GroupWise server via the
    application's Web interface.
    
    The problem is found in the WebAccess system of the GroupWise 5.5
    Enhancement Pack and in the most-recent GroupWise 6 release, Novell
    said.
     
    However, since GroupWise, like the competing Microsoft Exchange
    server, is most often found behind the firewalls of corporate
    intranets, those who might exploit the security hole are most likely
    to come from a company's own disgruntled ranks.
    
    Discovered by Irvine, Calif., security company Foundstone, the
    GroupWise vulnerability is found in its script-driven interface for
    user access to e-mail and communal collaboration tools.
    
    Foundstone first discovered that supplying an invalid command to the
    GroupWise program Novell calls "webacc" will cause the server to
    reveal the full path to the directory in which the GroupWise system is
    installed.
    
    In addition, an unauthorized individual can view files anywhere on the
    server by passing to webacc a relative path to target file and the
    file name, followed by a specially encoded null character.
    
    In an advisory on its GroupWise support site, Novell pointed out that
    an attacker would have to know the exact location and name of the file
    he or she wanted to view.
    
    However, Foundstone suggested that the system's willingness to divulge
    its own installation directories would make it easier for a savvy
    hacker to find the GroupWise configuration files as well as any
    well-known system files that may be installed on the same logical
    drive.
    
    Novell has additional information and a patch for the problem online
    here: http://www.novell.com/products/groupwise
    
    Foundstone can be found here: http://www.foundstone.com
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Wed Oct 17 2001 - 09:57:42 PDT