Monday, March 17, 2008 11:42 AM
cmosby
Novell GroupWise Windows Client API Security Bypass - Advisories - Secunia
Novell GroupWise Windows Client API Security Bypass
Secunia Advisory:
SA29409
Release Date:
2008-03-17
Critical:
Less critical
Impact:
Security Bypass
Exposure of sensitive information
Where:
From remote
Solution Status:
Vendor Patch
Software:
Novell Groupwise 6.x
Novell GroupWise 7.x
CVE reference:
CVE-2008-1330 (Secunia mirror)
Description:
A vulnerability has been reported in Novell GroupWise, which can be exploited by malicious users to bypass certain security restrictions.
The vulnerability is caused due to an error within the implementation of shared folders in the GroupWise Windows client API. This can be exploited to gain access to restricted emails from an accessible, shared folder.
The vulnerability is reported in versions 6.5 and 7. Other versions may also be affected.
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, scan using the Network Software Inspector.
Solution:
Update to GroupWise 6.5 SP6 Update 3 or GroupWise 7 SP3, and lock out older clients via ConsoleOne (see vendor advisory for further details).
Provided and/or discovered by:
Reported by the vendor.
Original Advisory:
https://secure-support.novell.com/Kan...lishing/732/3263374_f.SAL_Public.html
Source: Novell GroupWise Windows Client API Security Bypass - Advisories - Secunia
Filed under: Patch Management, Security, Configuration Management