MS-ISAC ADVISORY NUMBER:
Novell GroupWise is Prone to a Directory-Traversal Vulnerability
A vulnerability has been discovered in Novell GroupWise that could allow an attacker to obtain sensitive information that could aid in further attacks. Novell GroupWise is a collaborative software product that includes email, calendars, instant messaging, and document management. Successful exploitation of this vulnerability could result in an attacker gaining access to files and directories in the context of the application.
- Novell GroupWise 8.0 Support Pack 2 0
- Novell Groupwise 8.02 HP3
- Novell Groupwise 8.02 HP2
- Novell Groupwise 8.02 HP1
- Novell Groupwise 8.02
- Novell Groupwise 8.01x
- Novell Groupwise 8.0 SP2
- Novell Groupwise 8.0 SP1
- Novell Groupwise 8.0 HP3
- Novell Groupwise 8.0 HP2
- Novell Groupwise 8.0 HP1
- Novell Groupwise 8.0
- Large and medium government entities: High
- Small government entities: High
- Large and medium business entities: High
- Small business entities: High
Home users: Low
A vulnerability has been discovered in Novell GroupWise that could allow an attacker to obtain sensitive information that could aid in further attacks. This vulnerability exists because the GroupWise WebAccess interface does not properly sanitize user-supplied input submitted to the User.interface parameter. To exploit this vulnerability, an attacker creates a specially crafted URL containing directory traversal sequences (such as ../), and submits it to the Groupwise WebAccess interface. Successful exploitation could occur if the version of GroupWise that is implemented is between 8.0x and 8.02 HP3 and read access is available to the file for the GroupWise WebAccess application (such as a web browser).
Successful exploitation could result in unauthorized access to directories and files in the context of the application. An attackercould then use the information gathered for further attacks.
We recommend the following actions be taken:
- Apply appropriate patches provided by Novell to vulnerable systems immediately after appropriate testing.
- Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.