Novell Home

My Favorites

Close

Please to see your favorites.

Security Vulnerability - GroupWise Internet Agent (GWIA) Denial-of-Service (DoS) Issue

This document (7006378) is provided subject to the disclaimer at the end of this document.

Environment

Novell GroupWise 8
Novell GroupWise 8 Internet Agent
GroupWise 8.0x up to (and including) 8.02HP2

Situation

The Novell GroupWise Internet Agent (GWIA) is vulnerable to a DoS exploit whereby an attacker could potentially cause the application to crash by inputting certain data.

This vulnerability was discovered and reported by James Ogden - Salford Software (http://www.salfordsoftware.co.uk/)

CVE-2011-2218, CVE-2011-2219

Resolution

To resolve this issue, apply GroupWise 8.0 Hot Patch 3 (HP3) or later.
 
Previous versions of GroupWise are likely also vulnerable but are no longer supported. Customers on earlier versions of GroupWise should, at a minimum, upgrade their GWIAs and associated Domains to version 8.02HP3 in order to secure their system.

Status

Security Alert

Bug Number

582471

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7006378
  • Creation Date:30-JUN-10
  • Modified Date:26-APR-12
    • NovellGroupWise

Did this document solve your problem? Provide Feedback