Security Vulnerability - GroupWise 8 Internet Agent HTTP Interface Stack Overflow

  • 7009210
  • 19-Aug-2011
  • 26-Apr-2012

Environment

Novell GroupWise 8
Novell GroupWise 8 Internet Agent
Affected versions: GroupWise 8.0x up to (and including) 8.02HP2

Situation

The HTTP interface of the GroupWise Internet Agent (GWIA) is vulnerable to an exploit whereby an attacker could potentially trigger a stack overflow and execute arbitrary code.  This vulnerability affects GWIA running on all supported server OS platforms (Windows, SuSE Linux, & NetWare).
 
This vulnerability was discovered and reported by Carsten Eiram with Secunia Research (http://www.secunia.com/, Secunia advisory SA43513#2)
 
CVE-2011-0334.

Resolution

To resolve this issue, apply GroupWise 8.0 Hot Patch 3 (HP3) or later.
 
Previous versions of GroupWise are likely also vulnerable but are no longer supported. Customers on earlier versions of GroupWise should, at a minimum, upgrade their GWIAs and associated Domains to version 8.02HP3 in order to secure their system.

Status

Security Alert

Bug Number

678939