Search This Blog

Thursday, June 23, 2005

[NT] Novell GroupWise Plain Text Password Vulnerability

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -

Novell GroupWise Plain Text Password Vulnerability
------------------------------------------------------------------------

SUMMARY

<http://www.novell.com/products/groupwise/> GroupWise is "a workgroup
application suite offering electronic mail and diary scheduling from
Novell, Inc. It can operate on a number of server and workstation
platforms. Server platforms include NetWare, Linux, and Windows, while the
client software can run on Windows or Linux".

A vulnerability exists in the Novell GroupWise Windows client that allows
an attacker to retrieve the username and password used by the GroupWise
client.

DETAILS

Vulnerable Systems:
* Novell GroupWise Windows Client version 6.5.2, 6.0 and 5.5

The username and password can be dumped out of memory for the process
grpWise.exe while GroupWise is running. Using a tool such a pmdump to dump
the memory of the process the username and password are clearly visible in
plain text. This can be exploited remotely as well, by using pmdump with
something like psexe from Sysinternals.

Disclosure Timeline:
* 3.30.05 - Contacted Vendor
* 4.11.05 - Vendor duplicated problem
* 5.11.05 - Vendor released a patch
* 5.17.05 - Contacted Vendor and told them the patch did not work
* 5.20.05 - Vendor agreed patch does not fix the problem
* 6.20.05 - Have not heard from vendor in a month, so releasing this
information

ADDITIONAL INFORMATION

The information has been provided by <mailto:Securityteam@truedson.com>
Securityteam, truedson.com.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)