Novell GroupWise Network Directory Browsing Vulnerability
BID:2365
Info
Novell GroupWise Network Directory Browsing Vulnerability
| Bugtraq ID: | 2365 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Feb 10 2001 12:00AM |
| Updated: | Feb 10 2001 12:00AM |
| Credit: | Discovered and posted to Bugtraq by Adam Gray <[email protected]> on Feb 10, 2001. |
| Vulnerable: |
Novell Groupwise 5.5 |
| Not Vulnerable: | |
Discussion
Novell GroupWise Network Directory Browsing Vulnerability
When a user creates a new message in GroupWise and attempts to attach a file, a window appears (similar to Windows Explorer) for the user to select a path to the desired file. Unfortunately GroupWise does not verify system policies and enables access to all shares located on the network.
When a user creates a new message in GroupWise and attempts to attach a file, a window appears (similar to Windows Explorer) for the user to select a path to the desired file. Unfortunately GroupWise does not verify system policies and enables access to all shares located on the network.
Exploit / POC
Novell GroupWise Network Directory Browsing Vulnerability
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
Novell GroupWise Network Directory Browsing Vulnerability
Solution:
Novell is aware of this isse and recommends contacting Novell GroupWise Support (http://support.novell.com). This vulnerability will be addressed in sp3, a release date is not yet known.
Solution:
Novell is aware of this isse and recommends contacting Novell GroupWise Support (http://support.novell.com). This vulnerability will be addressed in sp3, a release date is not yet known.
References
Novell GroupWise Network Directory Browsing Vulnerability
References:
References:
- Groupwise 5.5 Tech Support Page (Novell)
- Novell GroupWise Homepage (Novell)