Credit:
The information has been provided by ProCheckUp Research.
Vulnerable Systems:
* Novell GroupWise WebAccess version 7.0.3
* Novell GroupWise version 6.5x
* Novell GroupWise version 7.0, version 7.01, version 7.02x
* Novell GroupWise version 8.0 (shipping 8.0 release only)
Novell WebAccess is vulnerable to CSRF.
Any HTTP request can be successfully forged which means that any configuration settings can be changed on behalf of the victim user by tricking him to either:
* visit a page
* click on a link
* view the content of an email (HTML body or attachment)
Perhaps the most interesting CSRF attack that can be carried out is installing a persistent backdoor that forwards received emails to the attacker. By forging the request that adds a new forwarding rule, a copy of any email sent to the victim user is delivered to the attacker's inbox.
All the attacker needs to do is email the victim a malicious link and trick him into clicking it. Alternatively, the CSRF attack can be triggered simply by the victim viewing an email sent by the attacker.
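The root cause is that the rule-management action accepts any request carrying the victim's session cookie. As an added example (not code from the advisory or from Novell), the server-side check below combines a synchronizer token with an Origin/Referer check so that a rule-creation form auto-submitted from another site is rejected; the application origin, form field names and session layout are assumptions.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Assumed: the WebAccess deployment is served from this origin and the
# rule-management action is a POST carrying the form fields used below.
APP_ORIGIN = "https://webaccess.example.com"
STATE_CHANGING = {"POST", "PUT", "DELETE"}


def issue_csrf_token(session):
    """Mint a per-session synchronizer token and keep it server-side."""
    session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def csrf_check(method, headers, form, session):
    """Return (allowed, reason) for a request that already passed cookie auth.

    The browser attaches the victim's cookies to a cross-site POST on its own,
    so a state-changing request must additionally prove it came from a page we
    served (token) and from our own origin (Origin/Referer header)."""
    if method.upper() not in STATE_CHANGING:
        return True, "read-only request"
    # 1. Source-origin check: browsers send Origin on cross-site POSTs; fall
    #    back to Referer and fail closed when neither header is present.
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False, "missing Origin/Referer"
    parts = urlsplit(source)
    src_origin = f"{parts.scheme}://{parts.netloc}"
    if src_origin != APP_ORIGIN:
        return False, f"cross-site source {src_origin}"
    # 2. Synchronizer token: a page on another origin cannot read it, so a
    #    forged form cannot include it. Constant-time compare avoids leaks.
    expected = session.get("csrf_token", "")
    supplied = form.get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False, "bad or missing CSRF token"
    return True, "ok"


def demo():
    """Constructed inputs: a legitimate rule-creation post and a forged one."""
    session = {}
    token = issue_csrf_token(session)
    rule = {"action": "addRule", "forward_to": "copy@example.org"}
    legit = csrf_check("POST", {"Origin": APP_ORIGIN},
                       dict(rule, csrf_token=token), session)
    forged = csrf_check("POST", {"Origin": "https://third-party.example"}, rule, session)
    return legit, forged
```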
Consequences:
Attackers can steal emails, deface email signatures, etc.
References:
http://www.novell.com/documentation/gw7/gw7_userweb/index.html?page=/documentation/gw7/gw7_userweb/data/using_rules.html
Fix:
Novell has issued a patch that is available for download from:
http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002319
CVE Information:
CVE-2009-0272