http://www.newsbytes.com/news/01/171160.html By Steven Bonisteel, Newsbytes PROVO, UTAH, U.S.A., 16 Oct 2001, 7:45 AM CST Novell Inc. [NASDAQ:NOVL] is urging users of its GroupWise software for messaging and collaboration to patch a security hole that could allow an intruder to view any file on a GroupWise server via the application's Web interface. The problem is found in the WebAccess system of the GroupWise 5.5 Enhancement Pack and in the most-recent GroupWise 6 release, Novell said. However, since GroupWise, like the competing Microsoft Exchange server, is most often found behind the firewalls of corporate intranets, those who might exploit the security hole are most likely to come from a company's own disgruntled ranks. Discovered by Irvine, Calif., security company Foundstone, the GroupWise vulnerability is found in its script-driven interface for user access to e-mail and communal collaboration tools. Foundstone first discovered that supplying an invalid command to the GroupWise program Novell calls "webacc" will cause the server to reveal the full path to the directory in which the GroupWise system is installed. In addition, an unauthorized individual can view files anywhere on the server by passing to webacc a relative path to target file and the file name, followed by a specially encoded null character. In an advisory on its GroupWise support site, Novell pointed out that an attacker would have to know the exact location and name of the file he or she wanted to view. However, Foundstone suggested that the system's willingness to divulge its own installation directories would make it easier for a savvy hacker to find the GroupWise configuration files as well as any well-known system files that may be installed on the same logical drive. Novell has additional information and a patch for the problem online here: http://www.novell.com/products/groupwise Foundstone can be found here: http://www.foundstone.com - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Wed Oct 17 2001 - 09:57:42 PDT