CIS CYBER SECURITY ADVISORIES
MS-ISAC CYBER SECURITY ADVISORY NUMBER:
Multiple Vulnerabilities in Novell GroupWise Could Allow Remote Code Execution
Multiple vulnerabilities have been discovered in Novell GroupWise that could allow for remote code execution. Novell GroupWise is a collaborative software product that includes email, calendars, instant messaging, and document management.
Successful exploitation could allow an attacker to gain the same privileges as the affected user. An attacker could then install programs; view, change, or delete data; or create new accounts. Unsuccessful exploitation attempts may result in a denial of service.
- GroupWise Client for Windows 8.0x up to and including 8.0.3 HP1
- GroupWise Client for Windows 2012 up to and including 2012.0 SP1
- Large and medium government entities: High
- Small government entities: High
- Large and medium business entities: High
- Small business entities: High
- Home users: N/A
Multiple vulnerabilities have been discovered in GroupWise that can lead to remote code execution due to untrusted pointer dereference errors.
By enticing a target user to open a malicious file or visit a malicious page, a remote attacker could exploit an ActiveX control vulnerability in GroupWise Client for Windows to execute arbitrary code on vulnerable installations of Novell GroupWise.
Multiple untrusted pointer dereference vulnerabilities in GroupWise Client for Windows could be exploited by a remote attacker to compromise a vulnerable system.
These vulnerabilities could be exploited via a specially crafted email or malicious website. In the email-based scenario, the user would have to open the specially crafted file as an email attachment. In the web-based scenario, a user would visit a website and then open the specially crafted file that is hosted on the page.
Successful exploitation could allow an attacker to gain the same privileges as the affected user, which could allow the attacker to make critical system modifications. An attacker could then install programs; view, change, or delete data; or create new accounts. Unsuccessful exploitation attempts may result in a denial of service.
We recommend the following actions be taken:
- For GroupWise 8 users, apply GroupWise 8.0.3 Hot Patch 2 (or later) to vulnerable systems immediately after appropriate testing.
- For GroupWise 2012 users, apply GroupWise 2012 SP 1 Hot Patch 1 to vulnerable systems immediately after appropriate testing.
- Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
- Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
- Inform and educate users regarding the threats posed by attachments and hypertext links contained in emails, especially from untrusted sources.
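The following triage script is an added example, not part of this advisory or of any Novell tooling. It classifies GroupWise Client for Windows version labels against the affected ranges listed above so that patching can be prioritized. It assumes the inventory reports versions in the advisory's own notation (for example "8.0.3 HP1"); the host names and sample rows are constructed.

```python
import re

# Last affected build per product line, taken from the advisory text.
# Tuple layout: (major, minor, patch, service pack, hot patch)
LAST_AFFECTED = {
    8: (8, 0, 3, 0, 1),        # 8.0x up to and including 8.0.3 HP1
    2012: (2012, 0, 0, 1, 0),  # 2012 up to and including 2012.0 SP1
}

# Accepts "8.0.3 HP1", "2012.0 SP1", "2012 SP 1 Hot Patch 1", "8.0.2", ...
_LABEL = re.compile(
    r"^\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?"   # dotted version
    r"(?:\s+SP\s*(\d+))?"                  # optional service pack
    r"(?:\s+(?:HP|Hot\s*Patch)\s*(\d+))?"  # optional hot patch
    r"\s*$",
    re.IGNORECASE,
)

def parse_label(label):
    """Turn a version label into a tuple that compares in release order."""
    m = _LABEL.match(label)
    if not m:
        raise ValueError(f"unrecognised version label: {label!r}")
    return tuple(int(g) if g else 0 for g in m.groups())

def triage(label):
    """Return 'vulnerable', 'not-affected', 'not-listed' or 'unparsed'."""
    try:
        version = parse_label(label)
    except ValueError:
        return "unparsed"          # needs manual review
    last = LAST_AFFECTED.get(version[0])
    if last is None:
        return "not-listed"        # product line not covered by the advisory
    return "vulnerable" if version <= last else "not-affected"

def triage_inventory(rows):
    """Map each host to the triage result for its reported client version."""
    return {host: triage(label) for host, label in rows}

if __name__ == "__main__":
    # Constructed sample inventory: (host, reported client version)
    sample = [("ws-001", "8.0.3 HP1"), ("ws-002", "8.0.3 HP2"),
              ("ws-003", "2012.0 SP1"), ("ws-004", "2012 SP 1 Hot Patch 1"),
              ("ws-005", "7.0.4"), ("ws-006", "unknown")]
    for host, status in triage_inventory(sample).items():
        print(f"{host}: {status}")
```

Hosts reported as "not-listed" or "unparsed" should be checked by hand rather than assumed safe.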