[19128] in bugtraq
Novell Groupwise Client Vulnerability
daemon@ATHENA.MIT.EDU (Adam Gray)
Sat Feb 10 19:51:08 2001
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="=_C9927BB6.C9A8C09E"
Message-ID: <sa853826.056@groupwise.novacoast.com>
Date: Sat, 10 Feb 2001 12:44:32 -0800
Reply-To: Adam Gray <agray@NOVACOAST.COM>
From: Adam Gray <agray@NOVACOAST.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
This is a MIME message. If you are reading this text, you may want to
consider changing to a mail reader or gateway that understands how to
properly handle MIME multipart messages.
--=_C9927BB6.C9A8C09E
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable
Novell GroupWise Client read file/view vulnerability
gw5.5epsp2--file view problems--
OS Affected
Win 95/98/NT/2000/ME all sp levels
Programs Affected
GroupWise 5.5ep sp1
other versions of GroupWise 5 are probably vulnerable
Discussion
with zen polices or NT Polices installed properly on a windows machine =
GroupWise can view the file system while policies do not allow local =
access to view the files system of local or remote drives. The GroupWise =
client allows permission to see and call files on all drives. This does =
not change or proxy the rights of another user it simply allows them to =
see what policies should be hiding.
This problem was caused when Novell used an API that did not check with OS =
policies that have been applied to the user. This problem has been =
reported and confirmed by Novell Tech Support.
Exploit
Lock down a windows workstation with zen or NT Policies so you're not =
allowed to view local or remote hard drives. open GW. open new message. =
click attach. type in the drive letter you would like to view. You can see =
the whole drive and files. This can be useful for sending a copy of the =
local sam file on NT or browsing log files that are on the machine.
Solution
Contact Novell GroupWise Support for a file fix or GroupWise Client =
release sp3 will fix this issue.
Novell Support:
http://support.novell.com
Adam Gray
Chief Technology Officer
Novacoast International, Inc.
agray@novacoast.com
800-949-9933x4145
--=_C9927BB6.C9A8C09E
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Description: HTML
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Diso-8859-1"=
>
<META content=3D"MSHTML 5.50.4611.1300" name=3DGENERATOR></HEAD>
<BODY style=3D"MARGIN-TOP: 2px; FONT: 10pt Arial; MARGIN-LEFT: 2px"=20
bgColor=3D#ffffff>
<DIV>Novell GroupWise Client read file/view vulnerability</DIV>
<DIV>gw5.5epsp2--file view problems--</DIV>
<DIV> </DIV>
<DIV>OS Affected</DIV>
<DIV>Win 95/98/NT/2000/ME all sp levels</DIV>
<DIV> </DIV>
<DIV>Programs Affected</DIV>
<DIV>GroupWise 5.5ep sp1</DIV>
<DIV>other versions of GroupWise 5 are probably vulnerable</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV>Discussion</DIV>
<DIV>with zen polices or NT Polices installed properly on a windo=
ws=20
machine GroupWise can view the file system while policies do not allow=
=20
local access to view the files system of local or remote drives. The =
GroupWise=20
client allows permission to see and call files on all drives. This =
does not=20
change or proxy the rights of another user it simply allows them to =
see=20
what policies should be hiding.</DIV>
<DIV> </DIV>
<DIV>This problem was caused when Novell used an API that did not check =
with OS=20
policies that have been applied to the user. This problem has been =
reported and=20
confirmed by Novell Tech Support.</DIV>
<DIV> </DIV>
<DIV><FONT>Exploit</FONT></DIV>
<DIV><FONT>Lock down a windows workstation with zen or NT Policies&nbs=
p;so=20
you're not allowed to view local or remote hard drives. open GW. =
open=20
new message. click attach. type in the drive letter you would like to =
view. You=20
can see the whole drive and files. This can be useful for sending a copy =
of the=20
local sam file on NT or browsing log files that are on the machine.</FONT><=
/DIV>
<DIV> </DIV>
<DIV>Solution</DIV>
<DIV>Contact Novell GroupWise Support for a file fix or GroupWise Client =
release=20
sp3 will fix this issue.</DIV>
<DIV> </DIV>
<DIV>Novell Support:</DIV>
<DIV><A href=3D"http://support.novell.com">http://support.novell.com</A></D=
IV>
<DIV> </DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV>Adam Gray</DIV>
<DIV>Chief Technology Officer</DIV>
<DIV>Novacoast International, Inc.</DIV>
<DIV><A href=3D"mailto:agray@novacoast.com">agray@novacoast.com</A></DIV>
<DIV>800-949-9933x4145</DIV>
<DIV> </DIV></BODY></HTML>
--=_C9927BB6.C9A8C09E--
