Environment
Novell GroupWise 6.5x
Novell GroupWise 7.0
Novell GroupWise 7.01
Novell GroupWise 7.02
Novell GroupWise 7.03
Novell GroupWise 7.03HP1a
Novell GroupWise 8.0 (shipping 8.0 release only)
Situation
A vulnerability exists in the Novell GroupWise Internet Agent (GWIA) that could potentially allow a remote attacker to use malformed arguments to execute arbitrary code on a server running GWIA. This vulnerability was discovered and reported by Nick DeBaggis working with TippingPoint's Zero Day Initiative (http://www.zerodayinitiative.com), ZDI-CAN-384
Resolution
To resolve this issue:
For GroupWise 7.x systems, apply GroupWise 7.03 Hot Patch 2 (HP2) or later
For GroupWise 8.0 systems, apply GroupWise 8.0 Hot Patch 1 (HP1) or later
GroupWise 6.5x is End-of-Life. GroupWise 6.5 systems will need to be upgraded to GroupWise 7.03 HP2 or 8.0 HP1
For GroupWise 7.x systems, apply GroupWise 7.03 Hot Patch 2 (HP2) or later
For GroupWise 8.0 systems, apply GroupWise 8.0 Hot Patch 1 (HP1) or later
GroupWise 6.5x is End-of-Life. GroupWise 6.5 systems will need to be upgraded to GroupWise 7.03 HP2 or 8.0 HP1