Novell GroupWise Mobile Server Multiple Vulnerabilities

Bugtraq ID:	23889
Class:	Unknown
CVE:	CVE-2007-2592
Remote:	Yes
Local:	No
Published:	May 09 2007 12:00AM
Updated:	Jul 26 2007 11:05PM
Credit:	Johannes Greil discovered these issues.
Vulnerable:	Novell GroupWise Mobile Server 1.0
Not Vulnerable:	Novell GroupWise Mobile Server 1.0 HP1

Novell GroupWise Mobile Server Multiple Vulnerabilities

Novell GroupWise Mobile Server powered by Nokia Intellisync Mobile Suite is reported prone to multiple vulnerabilities. Reports indicate that these issues reside only in the bundled package; Nokia Intellisync Mobile Suite may not be affected on its own.

Successful attacks may allow an attacker to obtain sensitive information and carry out denial-of-service and cross-site scripting attacks.

Novell GroupWise Mobile Server 1.0 or other versions bundled with Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2 are vulnerable.

Novell GroupWise Mobile Server Multiple Vulnerabilities

Attackers can use a browser to exploit these issues.

Novell GroupWise Mobile Server Multiple Vulnerabilities

Solution:
The vendor has released a patch to address these issues. Please see the referenced vendor advisory for more information.


Novell GroupWise Mobile Server 1.0

• Novell gms10hp1.exe
  http://download.novell.com/Download?buildid=dJRKYml8TU4~

Novell GroupWise Mobile Server Multiple Vulnerabilities

References:

• Mobile Messaging with GroupWise Mobile Server, Powered by Intellisync (Novell)
  
• SEC Consult SA-20070509-0 :: Multiple vulnerabilites in Nokia Intellisync Mobile (Johannes Greil )
  
• GroupWise Mobile Server 1.0 HP1 1.0 HP1 (Novell)