Security Vulnerability (buffer overflow) with GroupWise Internet Agent

  • 7002502
  • 29-Jan-2009
  • 08-Nov-2012

Environment

Novell GroupWise 6.5x
Novell GroupWise 7.0
Novell GroupWise 7.01
Novell GroupWise 7.02
Novell GroupWise 7.03
Novell GroupWise 7.03HP1a
Novell GroupWise 8.0 (shipping 8.0 release only)
 

Situation

A vulnerability exists in the Novell GroupWise Internet Agent (GWIA) that could potentially allow a remote attacker to use malformed arguments to execute arbitrary code on a server running GWIA.  This vulnerability was discovered and reported by Nick DeBaggis working with TippingPoint's Zero Day Initiative (http://www.zerodayinitiative.com), ZDI-CAN-384

Resolution

To resolve this issue:
For GroupWise 7.x systems, apply GroupWise 7.03 Hot Patch 2 (HP2) or later
For GroupWise 8.0 systems, apply GroupWise 8.0 Hot Patch 1 (HP1) or later
GroupWise 6.5x is End-of-Life.  GroupWise 6.5 systems will need to be upgraded to GroupWise 7.03 HP2 or 8.0 HP1

Status

Security Alert