
UNIRAS Brief - 650/05 - Novell - GroupWise Password Caching [NOVL-2005-10098073]


----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 650/05 dated 18.08.05  Time: 16:45  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
----------------------------------------------------------------------------------
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
----------------------------------------------------------------------------------

Novell - GroupWise Password Caching [NOVL-2005-10098073]



For Immediate Disclosure

============================== Summary ==============================

 Security Alert: NOVL-2005-10098073
          Title: GroupWise Password Caching
           Date: 16-August-2005
       Revision: Original
   Product Name: GroupWise 5.x, 6.x
 OS/Platform(s): Windows and NetWare
  Reference URL: http://support.novell.com/servlet/tidfinder/10098073
    Vendor Name: Novell, Inc. 
     Vendor URL: http://www.novell.com
Security Alerts: http://support.novell.com/security-alerts 
        Affects: GroupWise Windows Clients & Proxies
    Identifiers: Bugtraq:13997, CVE:CAN-2005-2620, SECTRACK:1014247
        Credits: securityteam@xxxxxxxxxxxx

============================ Description ============================

The GroupWise client sometimes caches the user name and password in 
memory while it is running.

============================== Impact ===============================

A hostile user with administrative access to the machine where a user 
is logged in may dump memory and find username/password pairs of 
logged in users.
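
The exposure described above, shown as an added example that is not Novell's code and not part of the original advisory: a hypothetical client session struct that keeps the password after login, beside a variant that wipes it, plus a check that scans the struct's bytes for the secret. All names and the sample credentials are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical client session; not GroupWise's real data structure. */
struct session {
    char user[32];
    char password[64];   /* credential kept alongside session state */
    int  authenticated;
};

/* Wipe through a volatile pointer so the stores are not optimised away. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Pattern from the advisory: the password stays in memory after login. */
int login_cached(struct session *s, const char *user, const char *pw) {
    snprintf(s->user, sizeof s->user, "%s", user);
    snprintf(s->password, sizeof s->password, "%s", pw);
    /* Stand-in for the server check (assumption: non-empty pair passes). */
    s->authenticated = s->user[0] != '\0' && s->password[0] != '\0';
    return s->authenticated;
}

/* Hardened form: same login, password buffer wiped before returning. */
int login_wiped(struct session *s, const char *user, const char *pw) {
    int ok = login_cached(s, user, pw);
    secure_wipe(s->password, sizeof s->password);
    return ok;
}

/* Regression check: is the secret still anywhere in the session's bytes? */
int session_holds_secret(const struct session *s, const char *secret) {
    const unsigned char *mem = (const unsigned char *)s;
    size_t len = strlen(secret);
    if (len == 0 || len > sizeof *s) return 0;
    for (size_t i = 0; i + len <= sizeof *s; i++)
        if (memcmp(mem + i, secret, len) == 0) return 1;
    return 0;
}

int main(void) {   /* constructed sample credentials */
    struct session a = {0}, b = {0};
    login_cached(&a, "alice", "constructed-pw-1");
    login_wiped(&b, "alice", "constructed-pw-1");
    return session_holds_secret(&a, "constructed-pw-1") == 1 &&
           session_holds_secret(&b, "constructed-pw-1") == 0 ? 0 : 1;
}
```

A check like `session_holds_secret` can run in a client's test suite after login and logout paths to confirm no credential bytes remain in long-lived state.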

======================== Recommended Actions ========================

GW 7 was released with these fixes already applied, so no further
action is required for GroupWise 7 users.

Until the official release of GroupWise 6.5 SP5 in mid-September, 
customers wishing to apply Field Test Files (FTF) can download these 
from http://support.novell.com/filefinder/  and locate the latest 
GroupWise Agents and GroupWise Client FTFs.  Currently as of 
August 16, 2005 the filenames are fgw655h.exe for Agents and 
f32655f7e.exe for GW Client.  Both FTFs will need to be applied 
to get the full fix. 

See detailed instructions in the referenced Technical Information 
Document (TID): http://support.novell.com/servlet/tidfinder/10098073 

============================ DISCLAIMER =============================

The content of this document is believed to be accurate at the time 
of publishing based on currently available information. However, the 
information is provided "AS IS" without any warranty or 
representation. Your use of the document constitutes acceptance of 
this disclaimer. Novell disclaims all warranties, express or 
implied, regarding this document, including the warranties of 
merchantability and fitness for a particular purpose. Novell is not 
liable for any direct, indirect, or consequential loss or damage 
arising from use of, or reliance on, this document or any security 
alert, even if Novell has been advised of the possibility of such 
damages and even if such damages are foreseeable.

============================ Appendices =============================


================ Contacting Novell Security Alerts ==================

To report suspected security vulnerabilities in Novell products, 
send email to

PGP users may send signed/encrypted information to us using our 
PGP key, available from our website at: 


Novell Security Alerts, Novell, Inc. PGP Key Fingerprint:

3C6B 3F26 4E34 1ADF E27B D6C4 1AC8 9184 34D1 9739

========================= Revision History ==========================
       Original: 16-Aug-2005 - Original Publication



----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone. Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Novell for the information 
contained in this Briefing. 
----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark, manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS nor NISCC shall accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
----------------------------------------------------------------------------------
<End of UNIRAS Briefing>
