Environment
GroupWise 8.0x up to and including 8.02HP3
Situation
The GroupWise Internet Agent (GWIA) has a vulnerability in the way that it parses time and date information within a received iCalendar message, which could potentially be exploited by an attacker to cause a Denial-of-Service (DoS) on vulnerable installations of GWIA.
Resolution
To resolve this vulnerability, apply GroupWise 8.0 Support Pack 3 (or later).
Previous versions of GroupWise are likely also vulnerable but are no longer supported. Customers on earlier versions of GroupWise should, at a minimum, upgrade their GWIA servers and associated Domains to version 8.0 Support Pack 3 (or later) in order to secure their system.
This vulnerability was discovered and reported by Carsten Eiram, Secunia Research (http://www.secunia.com/), Secunia advisory SA45671.
Novell bug 733887, CVE-2011-3827
Previous versions of GroupWise are likely also vulnerable but are no longer supported. Customers on earlier versions of GroupWise should, at a minimum, upgrade their GWIA servers and associated Domains to version 8.0 Support Pack 3 (or later) in order to secure their system.
This vulnerability was discovered and reported by Carsten Eiram, Secunia Research (http://www.secunia.com/), Secunia advisory SA45671.
Novell bug 733887, CVE-2011-3827
Status
Security AlertBug Number
733887