Novell GroupWise Internet Agent Remote Buffer Overflow Vulnerabilities

2009-05-25T00:00:00
ID SECURITYVULNS:DOC:21877
Type securityvulns
Reporter Securityvulns
Modified 2009-05-25T00:00:00

Description

VUPEN Security Research Advisory - VUPEN-SR-2009-01 // VUPEN-SR-2009-02

Advisory URL: http://www.vupen.com/english/advisories/2009/1393

May 22, 2009

I. BACKGROUND

Novell GroupWise is a complete collaboration software solution that provides information workers with e-mail, calendaring, instant messaging, task management, and contact and document management functions. The leading alternative to Microsoft Exchange, GroupWise has long been praised by customers and industry watchers for its security and reliability.

http://www.novell.com/products/groupwise/

II. DESCRIPTION

VUPEN Security discovered two critical vulnerabilities affecting Novell GroupWise 8.x and 7.x.

The first issue is caused due to a buffer overflow error in the Novell GroupWise Internet Agent (GWIA) when processing specially crafted email addresses via SMTP, which could be exploited by remote unauthenticated attackers to execute arbitrary code with SYSTEM privileges.

The second vulnerability is caused due to a buffer overflow error in the Novell GroupWise Internet Agent (GWIA) when processing certain SMTP requests, which could be exploited by remote unauthenticated attackers to execute arbitrary code with SYSTEM privileges.

III. AFFECTED PRODUCTS

Novell GroupWise version 7.03 HP2 and prior Novell GroupWise version 8.0.0 HP1 and prior

IV. Exploit Codes & PoC

Fully functional remote code execution exploit codes have been developed by VUPEN Security and are available through the VUPEN Exploits & PoCs Service.

http://www.vupen.com/exploits

V. SOLUTION

For GroupWise 7.x systems, apply GroupWise 7.03 Hot Patch 3 (HP3) or later

For GroupWise 8.0 systems, apply GroupWise 8.0 Hot Patch 2 (HP2) or later

VI. CREDIT

These vulnerabilities were discovered by Nicolas JOLY of VUPEN Security

VII. REFERENCES

http://www.vupen.com/english/advisories/2009/1393 http://www.novell.com/support/viewContent.do?externalId=7003273&sliceId=1 http://www.novell.com/support/viewContent.do?externalId=7003272&sliceId=1 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1636

VIII. DISCLOSURE TIMELINE

18/02/2009 - Vendor notified 18/02/2009 - Vendor response 21/05/2009 - Vendor issues fixed version 22/05/2009 - Coordinated public Disclosure