Environment
Novell GroupWise 8
Novell GroupWise 8 WebAccess Agent
Novell GroupWise 8 Document Viewer Agent
Previous versions of GroupWise are likely also vulnerable but are no longer supported. Customers on earlier versions of GroupWise should, at a minimum, upgrade their GWIAs and associated Domains to version 8.02HP in order to secure their system.
Novell GroupWise 8 WebAccess Agent
Novell GroupWise 8 Document Viewer Agent
Previous versions of GroupWise are likely also vulnerable but are no longer supported. Customers on earlier versions of GroupWise should, at a minimum, upgrade their GWIAs and associated Domains to version 8.02HP in order to secure their system.
Situation
The GroupWise WebAccess Agent and Document Viewer Agent are vulnerable to an exploit that could potentially allow arbitrary files to be downloaded from the server. Authentication is not required to exploit this vulnerability.
This vulnerability was discovered by Mehul Revankar, reported through Secunia (http://secunia.com/advisories/40820)
Novell bugs 638644, 638646, CVE number pending
This vulnerability was discovered by Mehul Revankar, reported through Secunia (http://secunia.com/advisories/40820)
Novell bugs 638644, 638646, CVE number pending
Resolution
To resolve this security issue, update GroupWise WebAccess servers (the Document Viewer Agent is installed as part of the WebAccess setup) to version 8.02 Hot Patch (or later)
Status
Security AlertBug Number
638644
638646