Novell GroupWise allows user to bypass policies and view files
| novell-groupwise-bypass-policies (6089) |  Medium Risk |
Description:
Novell GroupWise could allow an attacker to bypass policies and view any file on the system when zen or NT policies are installed. Novell uses an API that improperly checks with operating system policies configured for the user. An attacker can use this vulnerability to view any file on the system.
Consequences:
File Manipulation
Remedy:
Upgrade to the latest version of Novell GroupWise client (5.5ep Support Pack 3 or later), available from the Novell Web site. See References.
— OR —
Contact Novell GroupWise Support for a file fix. See References.
References:
- BugTraq Mailing List, Sat Feb 10 2001 - 14:44:32 CST: Novell Groupwise Client Vulnerability.
- Novell Web site: GroupWise 5.5 Enhancement Pack.
- Novell Web site: Support.
- CVE-2001-0355: Novell Groupwise 5.5 (sp1 and sp2) allows a remote user to access arbitrary files via an implementation error in Groupwise system policies.
Platforms Affected:
- Novell GroupWise 5.5 SP1
- Novell GroupWise 5.5 SP2
Reported:
Feb 10, 2001
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net