ITS ADVISORY NUMBER:
Multiple Vulnerabilities in Novell GroupWise Could Allow Remote Code Execution
Multiple vulnerabilities have been discovered in Novell GroupWise that could allow for remote code execution. Novell GroupWise is a collaborative software product that includes: e-mail, calendars, instant messaging and document management. These vulnerabilities can be exploited if a user visits a specially crafted web page. Successful exploitation could allow an attacker to gain the same privileges as the affected user. An attacker could then install programs; view, change, or delete data; or create new accounts. Unsuccessful exploitation attempts may result in a denial-of-service.
- GroupWise Client for Windows 8.0x up to and including 8.0.3 HP1
- GroupWise Client for Windows 2012 up to and including 2012.0 SP1
- Large and medium government entities: High
- Small government entities: High
- Large and medium business entities: High
- Small business entities: High
Home users: N/A
Multiple vulnerabilities have been discovered in GroupWise that can lead to remote code execution due to an ActiveX exploit or untrusted pointer dereference errors.
The GroupWise Client for Windows has a vulnerability in the ActiveX Control that can be exploited when a user opens a specially crafted file or visits a specially crafted web page. The remote attacker could then execute arbitrary code on vulnerable installations of Novell GroupWise.
The GroupWise Client for Windows is vulnerable to multiple untrusted pointer dereference vulnerabilities. These untrusted pointer dereference vulnerabilities could then be exploited by a remote attacker to compromise a vulnerable system.
These vulnerabilities could be exploited via a specially crafted e-mail or specially crafted website. In the e-mail based scenario, the user would have to open the specially crafted file as an e-mail attachment. In the web based scenario, a user would visit a website and then open the specially crafted file that is hosted on the web page.
Successful exploitation could allow an attacker to gain the same privileges as the affected user. An attacker could then install programs; view, change, or delete data; or create new accounts. Unsuccessful exploitation attempts may result in a denial-of-service.
We recommend the following actions be taken:
- For GroupWise 8 users, apply GroupWise 8.0.3 Hot Patch 2 (or later) to vulnerable systems immediately after appropriate testing.
- For GroupWise 2012 users, apply GroupWise 2012 SP 1 Hot Patch 1 to vulnerable systems immediately after appropriate testing.
- Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
- Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
- Remind users not to open e-mail attachments from unknown users or suspicious e-mails from trusted sources.
Acting Chief Information Security Officer
- Cyber Security Home
- Incident Reporting
- Breach Notification
- Cyber Advisories
- NYS Digital Forensics
- Cyber Tips Newsletter
- Keeping Kids Safe Online
- Local Government
- Policies and Resources
- NY-ISAC Secure Portal