Novell GroupWise

ソフト名：Novell GroupWise 8.0.2 HP2 (Oracle Outside In Technology 8.3.2.0/8.3.5.0)

回避策：8.02 Hot Patch 3以降へのアップデートにて対応

脆弱性：XSS, DoS攻撃, システムアクセス, スクリプト挿入攻撃, 整数切り捨てエラー, バッファオーバーフロー, リモートコード実行, バウンダリエラー, 不正HTMLの挿入, 不特定のエラー, クラッシュ

ソース：

http://www.novell.com/products/groupwise/

http://secunia.com/secunia_research/2011-66/

http://secunia.com/secunia_research/2011-67/

http://www.novell.com/support/viewContent.do?externalId=7009208

http://www.novell.com/support/viewContent.do?externalId=7009210

http://www.novell.com/support/viewContent.do?externalId=7009214

http://www.novell.com/support/viewContent.do?externalId=7006378

http://www.novell.com/support/viewContent.do?externalId=7009212

http://www.novell.com/support/viewContent.do?externalId=7009215

http://www.novell.com/support/viewContent.do?externalId=7009216

http://www.novell.com/support/viewContent.do?externalId=7009207

http://www.novell.com/support/viewContent.do?externalId=7009213

http://secunia.com/advisories/44295/

http://secunia.com/advisories/45297/

http://secunia.com/advisories/43513/

http://dvw-j.blogspot.com/2011/04/oracle-outside-in-technology.html

http://dvw-j.blogspot.com/2011/07/oracle-outside-in-technology.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4325

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0333

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0334

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2218

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2219

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2661

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2662

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2663

CVE：CVE-2010-4325, CVE-2011-0333, CVE-2011-0334, CVE-2011-2218, CVE-2011-2219, CVE-2011-2661, CVE-2011-2662, CVE-2011-2663

危険性：High Risk

Novell GroupWise

ソフト名：Novell GroupWise 8.02 Hot Patch 2未満
回避策：アップデートにて対応
脆弱性：システムアクセス, バウンダリエラー, バッファオーバーフロー, リモートコード実行
ソース：http://www.novell.com/products/groupwise/
http://www.novell.com/support/viewContent.do?externalId=7007638
http://www.zerodayinitiative.com/advisories/ZDI-11-027/
http://secunia.com/advisories/43089/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4325
CVE：CVE-2010-4325
危険性：High Risk

Novell GroupWise

ソフト名：Novell GroupWise 8.0～8.02
回避策：Novell Document ID: 7007151, 7007152, 7007153, 7007154, 7007155, 7007156, 7007157, 7007158, 7007159にて対応
脆弱性：ディレクトリトラバーサル, スタックオーバーフロー, バッファオーバーフロー, リモートコード実行, XSS, 不正URLのリクエスト, 認証資格情報の奪取, フィッシング攻撃
ソース：http://www.novell.com/support/viewContent.do?externalId=7007151
http://www.novell.com/support/viewContent.do?externalId=7007152
http://www.novell.com/support/viewContent.do?externalId=7007153
http://www.novell.com/support/viewContent.do?externalId=7007154
http://www.novell.com/support/viewContent.do?externalId=7007155
http://www.novell.com/support/viewContent.do?externalId=7007156
http://www.novell.com/support/viewContent.do?externalId=7007157
http://www.novell.com/support/viewContent.do?externalId=7007158
http://www.novell.com/support/viewContent.do?externalId=7007159
http://www.exploit-db.com/exploits/15463/
http://www.exploit-db.com/exploits/15464/
http://www.zerodayinitiative.com/advisories/ZDI-10-237/
http://www.zerodayinitiative.com/advisories/ZDI-10-238/
http://www.zerodayinitiative.com/advisories/ZDI-10-239/
http://www.zerodayinitiative.com/advisories/ZDI-10-240/
http://www.zerodayinitiative.com/advisories/ZDI-10-241/
http://www.zerodayinitiative.com/advisories/ZDI-10-242/
http://www.zerodayinitiative.com/advisories/ZDI-10-243/
http://www.securityfocus.com/bid/44732
http://secunia.com/advisories/40820
http://www.vupen.com/english/advisories/2010/2920
危険性：High Risk

Novell GroupWise

ソフト名：Novell GroupWise 7.0～8.0 HP2
回避策：Novell Document ID: 7006371, 7006372, 7006374, 7006375, 7006377, 7006380にて対応
脆弱性：XSS, SQLインジェクション, バッファオーバーフロー, ヘッダーインジェクション, 認証資格情報の奪取, リモートコード実行, アプリケーションのクラッシュ, Webキャッシュ汚染, セッションの乗っ取り
ソース：http://www.novell.com/support/viewContent.do?externalId=7006371
http://www.novell.com/support/viewContent.do?externalId=7006372
http://www.novell.com/support/viewContent.do?externalId=7006374
http://www.novell.com/support/viewContent.do?externalId=7006375
http://www.novell.com/support/viewContent.do?externalId=7006377
http://www.novell.com/support/viewContent.do?externalId=7006380
http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=14&Itemid=14
http://www.securityfocus.com/bid/41706
http://www.securityfocus.com/bid/41707
http://secunia.com/advisories/40622
http://www.vupen.com/english/advisories/2010/1832
http://www.vupen.com/english/advisories/2010/1833
危険性：High Risk

Novell GroupWise

ソフト名：Novell GroupWise 7.0～8.0 HP2
回避策：Novell Document ID: 7006373, Novell Document ID: 7006376, Novell Document ID: 7006379にて対応
脆弱性：不特定のエラー, XSS, 認証資格情報の奪取
ソース：http://www.novell.com/support/viewContent.do?externalId=7006373
http://www.novell.com/support/viewContent.do?externalId=7006376
http://www.novell.com/support/viewContent.do?externalId=7006379
http://secunia.com/advisories/40579
http://secunia.com/advisories/40623
危険性：Low Risk