=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2010/VULN443
_____________________________________________________________________

DATE                      : 09/11/2010

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Novell GroupWise versions 8
                                    prior to 8.02 Hot Patch.

======================================================================
http://www.novell.com/support/search.do?usemicrosite=true&searchString=7007152
http://www.novell.com/support/search.do?usemicrosite=true&searchString=7007151
http://www.novell.com/support/search.do?usemicrosite=true&searchString=7007153
http://www.novell.com/support/search.do?usemicrosite=true&searchString=7007154
http://www.novell.com/support/search.do?usemicrosite=true&searchString=7007155
http://www.novell.com/support/search.do?usemicrosite=true&searchString=7007157
http://www.novell.com/support/search.do?usemicrosite=true&searchString=7007158
http://www.novell.com/support/search.do?usemicrosite=true&searchString=7007159
http://www.novell.com/support/search.do?usemicrosite=true&searchString=7007156
______________________________________________________________________

Security Vulnerability - GroupWise 8 Internet Agent "Content-Type"
Multiple Value Parsing

This document (7007152) is provided subject to the disclaimer at the
end of this document.

Environment
Novell GroupWise 8
Novell GroupWise 8 Internet Agent
Previous versions of GroupWise are likely also vulnerable but are no
longer supported.
Customers on earlier versions of GroupWise should, at a minimum, upgrade
their GWIAs and associated Domains to version 8.02HP in order to secure
their system.

Situation
The GroupWise Internet Agent (GWIA) has a vulnerability in the way that
it parses multiple values within the "Content-Type" header of a received
message, which could potentially allow an unauthenticated remote attacker
to execute arbitrary code on vulnerable installations of GWIA.

This vulnerability was discovered and reported by Anonymous working with
TippingPoint's Zero Day Initiative (http://www.zerodayinitiative.com),
ZDI-CAN-951

Novell bug 642336, CVE number pending

Resolution
To resolve this security issue, update GWIA to version 8.02 Hot Patch (or later).

Status
Security Alert

Bug Number 642336

Document
Document ID:	7007152
Creation Date:	11-04-2010
Modified Date:	11-08-2010
Novell Product:	GroupWise

Disclaimer

The Origin of this information may be internal or external to Novell.
Novell makes all reasonable efforts to verify this information. However,
the information provided in this document is for your information only.
Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their
respective owners. Consult your product manuals for complete trademark information.
______________________________________________________________________

Security Vulnerability - GroupWise 8 Internet Agent IMAP Remote Code
Execution Vulnerability

This document (7007151) is provided subject to the disclaimer at the
end of this document.

Environment
Novell GroupWise 8
Novell GroupWise 8 Internet Agent
Previous versions of GroupWise are likely also vulnerable but are no
longer supported. Customers on earlier versions of GroupWise should,
at a minimum, upgrade their GWIAs and associated Domains to
version 8.02HP in order to secure their system.

Situation
The GroupWise Internet Agent has a vulnerability in its IMAP component
that could potentially allow an unauthenticated remote attacker to
execute arbitrary code on vulnerable installations of GWIA where
IMAP services are enabled.

This vulnerability was discovered and reported by Francis Provencher
working with TippingPoint's Zero Day Initiative (http://www.zerodayinitiative.com),
ZDI-CAN-846

Novell bug 647519, CVE number pending

Resolution
To resolve this security issue, update GWIA to version 8.02 Hot Patch (or later).

Status
Security Alert

Bug Number 647519

Document
Document ID:	7007151
Creation Date:	11-04-2010
Modified Date:	11-08-2010
Novell Product:	GroupWise

Disclaimer

The Origin of this information may be internal or external to Novell.
Novell makes all reasonable efforts to verify this information. However,
the information provided in this document is for your information only.
Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their
respective owners. Consult your product manuals for complete trademark
information.
________________________________________________________________________

Security Vulnerability - GroupWise 8 Internet Agent "Content-Type"
String Data Parsing

This document (7007153) is provided subject to the disclaimer at the end
of this document.

Environment
Novell GroupWise 8
Novell GroupWise 8 Internet Agent
Previous versions of GroupWise are likely also vulnerable but are no
longer supported. Customers on earlier versions of GroupWise should,
at a minimum, upgrade their GWIAs and associated Domains to
version 8.02HP in order to secure their system.

Situation
The GroupWise Internet Agent (GWIA) has a vulnerability in the way that
it parses string data within the "Content-Type" header of a received
message, which could potentially allow an unauthenticated remote
attacker to execute arbitrary code on vulnerable installations of GWIA.

This vulnerability was discovered and reported by Anonymous working
with TippingPoint's Zero Day Initiative (http://www.zerodayinitiative.com),
ZDI-CAN-952

Novell bug 647757, CVE number pending

Resolution
To resolve this security issue, update GWIA to version 8.02 Hot Patch (or later).

Status
Security Alert

Bug Number 647757

Document
Document ID:	7007153
Creation Date:	11-04-2010
Modified Date:	11-08-2010
Novell Product:	GroupWise

Disclaimer

The Origin of this information may be internal or external to Novell. Novell
makes all reasonable efforts to verify this information. However, the information
provided in this document is for your information only. Novell makes no
explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their
respective owners. Consult your product manuals for complete trademark
information.
_______________________________________________________________________

Security Vulnerability - GroupWise 8 Internet Agent "Content-Type" Number Parsing

This document (7007154) is provided subject to the disclaimer at the
end of this document.

Environment
Novell GroupWise 8
Novell GroupWise 8 Internet Agent
Previous versions of GroupWise are likely also vulnerable but
are no longer supported. Customers on earlier versions of GroupWise
should, at a minimum, upgrade their GWIAs and associated Domains
to version 8.02HP in order to secure their system.

Situation
The GroupWise Internet Agent (GWIA) has a vulnerability in the way that
it parses numbers within the "Content-Type" header of a received message,
which could potentially allow an unauthenticated remote attacker to
execute arbitrary code on vulnerable installations of GWIA.

This vulnerability was discovered and reported by Anonymous working
with TippingPoint's Zero Day Initiative (http://www.zerodayinitiative.com),
ZDI-CAN-953

Novell bug 642338, CVE number pending
Resolution
To resolve this security issue, update GWIA to version 8.02 Hot Patch (or later).

Status
Security Alert

Bug Number 642338

Document
Document ID:	7007154
Creation Date:	11-04-2010
Modified Date:	11-08-2010
Novell Product:	GroupWise

Disclaimer

The Origin of this information may be internal or external to Novell.
Novell makes all reasonable efforts to verify this information. However,
the information provided in this document is for your information only.
Novell makes no explicit or implied claims to the validity of this
information.
Any trademarks referenced in this document are the property of their
respective owners. Consult your product manuals for complete trademark
information.
_______________________________________________________________________

Security Vulnerability - GroupWise 8 Internet Agent VCALENDAR Variable Parsing

This document (7007155) is provided subject to the disclaimer at the
end of this document.

Environment
Novell GroupWise 8
Novell GroupWise 8 Internet Agent
Previous versions of GroupWise are likely also vulnerable but
are no longer supported. Customers on earlier versions of GroupWise
should, at a minimum, upgrade their GWIAs and associated Domains to
version 8.02HP in order to secure their system.

Situation
The GroupWise Internet Agent (GWIA) has multiple vulnerabilities in
the way that it parses variables within a received VCALENDAR message,
which could potentially allow an unauthenticated remote attacker to
execute arbitrary code on vulnerable installations of GWIA.

These vulnerabilities were discovered and reported by Anonymous working
with TippingPoint's Zero Day Initiative (http://www.zerodayinitiative.com),
ZDI-CAN-954,ZDI-CAN-960, ZDI-CAN-961

Novell bugs 642339, 642345, 642349, CVE numbers pending

Resolution
To resolve this security issue, update GWIA to version 8.02 Hot Patch (or later).

Status
Security Alert

Bug Number 642339 642345 642349

Document
Document ID:	7007155
Creation Date:	11-04-2010
Modified Date:	11-08-2010
Novell Product:	GroupWise

Disclaimer

The Origin of this information may be internal or external to Novell.
Novell makes all reasonable efforts to verify this information.
However, the information provided in this document is for your
information only. Novell makes no explicit or implied claims to
the validity of this information.
Any trademarks referenced in this document are the property of their
respective owners. Consult your product manuals for complete trademark
information.
_______________________________________________________________________

Security Vulnerability - GroupWise Internet Agent Authenticated IMAP User
Remote Code Execution

This document (7007157) is provided subject to the disclaimer at the
end of this document.

Environment
Novell GroupWise 8
Novell GroupWise 8 Internet Agent
Previous versions of GroupWise are likely also vulnerable but are no
longer supported. Customers on earlier versions of GroupWise should,
at a minimum, upgrade their GWIAs and associated Domains to
version 8.02HP in order to secure their system.

Situation
The GroupWise Internet Agent has a vulnerability that could potentially
allow an authenticated user to execute arbitrary code on vulnerable
installations of GWIA where IMAP services are enabled.

This vulnerability was discovered and reported by Francis Provencher
of Protek Research Lab (protekresearchlab.com)

Novell bug 635294, CVE number pending

Resolution
To resolve this security issue, update GWIA to version 8.02 Hot Patch (or later).

Status
Security Alert

Bug Number 635294

Document
Document ID:	7007157
Creation Date:	11-04-2010
Modified Date:	11-08-2010
Novell Product:	GroupWise
Disclaimer

The Origin of this information may be internal or external to Novell.
Novell makes all reasonable efforts to verify this information. However,
the information provided in this document is for your information only.
Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their
respective owners. Consult your product manuals for complete trademark
information.
_______________________________________________________________________

Security Vulnerability - GroupWise 8 WebPublisher Cross-Site Scripting (XSS)

This document (7007158) is provided subject to the disclaimer at the
end of this document.

Environment
Novell GroupWise 8
Novell GroupWise 8 WebPublisher
Previous versions of GroupWise are likely also vulnerable but are
no longer supported. Customers on earlier versions of GroupWise
should, at a minimum, upgrade their GWIAs and associated Domains
to version 8.02HP in order to secure their system.

Situation
The WebPublisher component of GroupWise WebAccess is vulnerable to
a potential Cross-Site Scripting (XSS) exploit that could potentially
be used to redirect users to a malicious website.

This vulnerability was discovered and reported by Pat Bergoch at
Amerimark (http://www.amerimark.com/)

Novell bug 651159, CVE number pending

Resolution
To resolve this security issue, update GroupWise WebPublisher to
version 8.02 Hot Patch (or later).

Status
Security Alert

Bug Number 651159

Document
Document ID:	7007158
Creation Date:	11-04-2010
Modified Date:	11-08-2010
Novell Product:	GroupWise

Disclaimer

The Origin of this information may be internal or external to Novell.
Novell makes all reasonable efforts to verify this information. However,
the information provided in this document is for your information only.
Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their
respective owners. Consult your product manuals for complete trademark
information.
_______________________________________________________________________

Security Vulnerability - GroupWise 8 Agent HTTP Interfaces Remote Code Execution

This document (7007159) is provided subject to the disclaimer at the
end of this document.

Environment
Novell GroupWise 8
Novell GroupWise 8 Message Transfer Agent (MTA)
Novell GroupWise 8 Post Office Agent (POA)
Novell GroupWise 8 Internet Agent (GWIA)
Novell GroupWise WebAccess Agent
Novell GroupWise Monitor Agent
Previous versions of GroupWise are likely also vulnerable but are
no longer supported. Customers on earlier versions of GroupWise
should, at a minimum, upgrade their GWIAs and associated Domains
to version 8.02HP in order to secure their system.

Situation
The HTTP interfaces for the GroupWise agents (Message Transfer Agent,
Post Office Agent, Internet Agent, WebAccess Agent, Monitor Agent) are
vulnerable to an exploit that could allow a remote attacker to execute
arbitrary code on vulnerable installations of Novell Groupwise.
Authentication is not required to exploit this vulnerability.


Resolution
Upgrade all GroupWise agents to version 8.02HP (or disable the
GroupWise agents' HTTP interfaces) in order to resolve this security issue.

This vulnerability was discovered and reported by Anonymous working
with TippingPoint's Zero Day Initiative (http://www.zerodayinitiative.com),
ZDI-CAN-770

Novell bug 627942, CVE number pending

Status
Security Alert

Bug Number 627942

Document
Document ID:	7007159
Creation Date:	11-04-2010
Modified Date:	11-08-2010
Novell Product:	GroupWise

Disclaimer

The Origin of this information may be internal or external to Novell.
Novell makes all reasonable efforts to verify this information. However,
the information provided in this document is for your information only.
Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their
respective owners. Consult your product manuals for complete trademark
information.
_______________________________________________________________________

Security Vulnerability - GroupWise 8 WebAccess Arbitrary File Download
Vulnerability

This document (7007156) is provided subject to the disclaimer at the
end of this document.

Environment
Novell GroupWise 8
Novell GroupWise 8 WebAccess Agent
Novell GroupWise 8 Document Viewer Agent
Previous versions of GroupWise are likely also vulnerable
but are no longer supported. Customers on earlier versions
of GroupWise should, at a minimum, upgrade their GWIAs and
associated Domains to version 8.02HP in order to secure their system.

Situation
The GroupWise WebAccess Agent and Document Viewer Agent are
vulnerable to an exploit that could potentially allow arbitrary
files to be downloaded from the server.  Authentication is not
required to exploit this vulnerability.

This vulnerability was discovered by Mehul Revankar, reported
through Secunia (http://secunia.com/advisories/40820)

Novell bugs 638644, 638646, CVE number pending

Resolution
To resolve this security issue, update GroupWise WebAccess servers
(the Document Viewer Agent is installed as part of the WebAccess
setup) to version 8.02 Hot Patch (or later)

Status
Security Alert

Bug Number 638644 638646

Document
Document ID:	7007156
Creation Date:	11-04-2010
Modified Date:	11-08-2010
Novell Product:	GroupWise

Disclaimer

The Origin of this information may be internal or external to Novell.
Novell makes all reasonable efforts to verify this information. However,
the information provided in this document is for your information only.
Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their
respective owners. Consult your product manuals for complete trademark
information.
======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================