Bugtraq mailing list archives

Novell Groupwise Client Vulnerability


From: Adam Gray <agray () NOVACOAST COM>
Date: Sat, 10 Feb 2001 12:44:32 -0800

Novell GroupWise Client read file/view vulnerability
gw5.5epsp2--file view problems--

OS Affected
Win 95/98/NT/2000/ME all sp levels

Programs Affected
GroupWise 5.5ep sp1
other versions of GroupWise 5 are probably vulnerable


Discussion
With ZEN policies or NT policies installed properly on a Windows machine, GroupWise can view the file system while
policies do not allow local access to view the file system of local or remote drives. The GroupWise client allows
permission to see and call files on all drives. This does not change or proxy the rights of another user; it simply
allows them to see what policies should be hiding.

This problem was caused when Novell used an API that did not check with OS policies that have been applied to the user. 
This problem has been reported and confirmed by Novell Tech Support.

Exploit
Lock down a Windows workstation with ZEN or NT policies so you're not allowed to view local or remote hard drives. Open
GW. Open new message. Click attach. Type in the drive letter you would like to view. You can see the whole drive and
files. This can be useful for sending a copy of the local SAM file on NT or browsing log files that are on the machine.

Solution
Contact Novell GroupWise Support for a file fix, or GroupWise Client release sp3 will fix this issue.

Novell Support:
http://support.novell.com



Adam Gray
Chief Technology Officer
Novacoast International, Inc.
agray () novacoast com
800-949-9933x4145
