MS-ISAC ADVISORY NUMBER:
Vulnerability in Novell GroupWise Internet Agent Could Lead to Remote Code Execution
Novell GroupWise is a collaborative software product, which includes email, calendars, instant messaging and document management. A vulnerability has been discovered in Novell GroupWise Internet Agent. The GroupWise Internet Agent (GWIA) is a server component that provides communication to other email systems and conversion of email messages to GroupWise format. Successful exploitation could allow an attacker to gain SYSTEM-level privileges. An attacker could then install programs; view, change, or delete data; or create new accounts. Unsuccessful exploitation attempts may result in a denial of service.
- Novell GroupWise Internet Agent
- Novell GroupWise 8.02 HP2 and earlier
- Novell GroupWise 7.04 and earlier
- Novell GroupWise 6.5 and earlier
- Large and medium government entities: High
- Small government entities: High
- Large and medium business entities: High
- Small business entities: High
Home users: N/A
Novell has confirmed the existence of a buffer-overflow vulnerability in Novell GroupWise Internet Agent that may allow remote code execution with SYSTEM-level privileges. The GroupWise Internet Agent (GWIA) provides communication to other email systems and conversion of email messages to GroupWise format. The vulnerability occurs due to the way the Internet Agent processes 'VCALENDAR' data included in an email message, specifically the 'REQUEST STATUS' variable. The vulnerability exists within the 'gwwww1.dll' module responsible for parsing 'VCALENDAR' data within messages. Exploitation occurs when a user views a carefully crafted malicious message. Successful exploitation of the vulnerability will lead to a completely compromised system. Unsuccessful exploitation attempts may result in a denial of service. Exploit code is not publically available at this time. Novell has supplied updates which fix this vulnerability.
We recommend the following actions be taken:
- Apply appropriate updates provided by Novell to vulnerable systems immediately after appropriate testing
Zero Day Initiative: