Technote: How to solve the GroupWise 7.0.2 vulnerability as fast and completely as possible
Novell has reported a vulnerability in GroupWise 7.0.2 and 6.5 SP6 that affects all clients and agents for GroupWise. Novell recommends to update all agents and clients as soon as possible to close this security hole.
The problem that many IT administrators face is that they have to deal with remote locations, laptops running GroupWise, multiple GroupWise systems, various platforms (Windows, Linux, Macintosh) and different clients (Windows Client, WebAccess, Outlook Connector, Linux and Macintosh clients).
Novell recommends updating all agents prior to updating all clients, and locking out all clients dated older than May 22, 2007. This is easy to do in a small installation, but if you have hundreds or thousands of users, it is very difficult to find all old clients. You can find more details about this security vulnerabilty here:
Redline can help you to analyze your GroupWIse Agent versions as well as all Client versions with this new Redline Business Report.
Before you can run this report, you need to install it on your Control Center server:
1. Copy "rlrep_vul702.nlm" (NetWare) or "rlrep_vul702.so" (Linux) to the folder "/opt/beginfinite/redline/bin"
2. Copy "Vulnerability702VersionCheck.xml" to the folder "/opt/beginfinite/redline/conf/reports"
3. Unload the Control Center.
You need to unload the Control Center for this report because it uses a binary file to analyze the agent versions.
4. Load the Control Center.
Now select this new Business Report in the Control Center:
Figure 1 - Selecting the new Business Report
The first part of the Report shows all GroupWise Domain Agents, Post Offices Agents, WebAccess Agents and Internet Agents which are not updated to 7.0.2 HP dated May 22nd , 2007 or newer.
Figure 2 - Part 1 of report
The second part lists all users and IP addresses from where someone logged into the system with a client that is not version 7.0.2 HP or newer.
Figure 3 - Part 2 of report
Based on this report you can update your remaining agents and clients.
As soon as all Agents and Clients are updated to the newer version, you should lock out older clients in ConsoleOne. This needs to be done for every Post Office in ConsoleOne.
Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).
It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.