Novell GroupWise多个远程安全漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1183870 漏洞类型 跨站脚本
发布时间 2009-01-30 更新时间 2009-01-30
CVE编号 CVE-2009-0273 CNNVD-ID CNNVD-200902-680
漏洞平台 N/A CVSS评分 4.3
|漏洞来源
https://www.securityfocus.com/bid/33541
https://cxsecurity.com/issue/WLB-2009020093
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200902-680
|漏洞详情
NovellGroupWise是美国Novell公司的一套协作通讯系统。该系统提供了电子邮件、日程安排、即时通讯、任务管理、文档管理以及联系人管理等协作通讯服务。NovellGroupWise的实现上存在多个安全漏洞,可导致跨站脚本执行及过程指令执行等各种安全威胁。/gw/webacc中的User.idtLibrary.queryText的参数数据没有经过充分检查过滤就返回给了用户浏览器,可能导致跨站脚本执行攻击。
|漏洞EXP
PR08-22: Persistent XSS on Novell GroupWise WebAccess

Vulnerability found: 2nd October 2008

Vendor contacted: 3rd October 2008

Advisory publicly released:  30th January 2009

Severity: High

Credits: Jan Fry of ProCheckUp Ltd (www.procheckup.com). ProCheckUp
thanks Novell for working with us in such a professional manner.

Successfully tested on: Novell GroupWise WebAcess 7.0.3

Novell has confirmed the following versions to be affected by this
vulnerability:

GroupWise 6.5x
GroupWise 7.0, 7.01, 7.02x, 7.03
GroupWise 8.0 (shipping 8.0 release only)

CVE reference: CVE-2009-0273

Description:

Novell GroupWise Webaccess (7.0.3) is vulnerable to a *persistent* XSS
via HTML email or HTML attachments.

Proof of concept:

_As kindly requested by Novell, ProCheckUp will delay publication of the
PoC details to allow GroupWise customers time to apply the recommended
security patches._

Consequences:

An attacker may be able to cause execution of malicious scripting code
in the browser of any user. Such code would run within the security
context of the target domain.

This type of attack can result in a persistent defacement of the target
site, or the redirection of confidential information (i.e.: session IDs,
address books, emails) to unauthorised third parties.

Since this XSS is of persistent nature, the user wouldn't have to be
tricked to visit a specially-crafted URL, but just read an e-mail.

References:

http://www.procheckup.com/vulnerability_manager
http://en.wikipedia.org/wiki/Cross-site_scripting

Fix:
http://www.novell.com/support/search.do?usemicrosite=true&searchString=7
002320

Legal:

Copyright 2009 ProCheckUp Ltd. All rights reserved.

Permission is granted for copying and circulating this Bulletin to the
Internet community for the purpose of alerting them to problems, if and
only if the Bulletin is not changed or edited in any way, is attributed
to ProCheckUp indicating this web page URL, and provided such
reproduction and/or distribution is performed for non-commercial purposes.

Any other use of this information is prohibited. ProCheckUp is not
liable for any misuse of this information by any third party. ProCheckUp
is not responsible for the content of external Internet sites.
|受影响的产品
Novell Groupwise 7.0 Novell Groupwise 8.0 HP1 Novell Groupwise 8.0 Novell Groupwise 7.03HP1a Novell Groupwise 7.03 HP2 Novell Groupwise 7.03 Novell Group
|参考资料

来源:BID
名称:33541
链接:http://www.securityfocus.com/bid/33541
来源:BID
名称:33537
链接:http://www.securityfocus.com/bid/33537
来源:BUGTRAQ
名称:20090130PR08-23:XSSonNovellGroupWiseWebAccess
链接:http://www.securityfocus.com/archive/1/archive/1/500575/100/0/threaded
来源:BUGTRAQ
名称:20090130PR08-22:PersistentXSSonNovellGroupWiseWebAccess
链接:http://www.securityfocus.com/archive/1/archive/1/500572/100/0/threaded
来源:MISC
链接:http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-23
来源:MISC
链接:http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-22
来源:www.novell.com
链接:http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002321
来源:www.novell.com
链接:http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002320
来源:SECUNIA
名称:33744
链接:http://secunia.com/advisories/33744