CVE-2005-2620
CVSS5.0
发布时间 :2005-08-17 00:00:00
修订时间 :2016-10-17 23:28:56
NMCOPS    

[原文]grpWise.exe for Novell GroupWise client 5.5 through 6.5.2 stores the password in plaintext in memory, which allows attackers to obtain the password using a debugger or another mechanism to read process memory.


[CNNVD]Novell GroupWise 明文口令泄露漏洞(CNNVD-200508-178)

        Novell GroupWise是一款跨平台协作软件。
        Novell GroupWise客户端对口令的处理上存在漏洞,攻击者可能利用此漏洞获取口令。GroupWise的grpWise.exe不能安全的处理认证凭据信息,这样本地攻击者就可以使用pmdump之类的工具临时存储进程的内存,以明文获取用户名和口令。攻击者也可能远程利用这个漏洞。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:novell:groupwise:6.5.2Novell Groupwise 6.5.2
cpe:/a:novell:groupwise:6.0Novell Groupwise 6.0
cpe:/a:novell:groupwise:6.5Novell Groupwise 6.5

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2620
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2620
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200508-178
(官方数据源) CNNVD

- 其它链接及资源

http://archives.neohapsis.com/archives/bugtraq/2005-06/0158.html
(UNKNOWN)  BUGTRAQ  20050620 Novell GroupWise Plain Text Password Vulnerability.
http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0858.html
(UNKNOWN)  FULLDISC  20050825 NOVL-2005010098073 GroupWise Password Caching
http://marc.info/?l=bugtraq&m=112431139225724&w=2
(UNKNOWN)  BUGTRAQ  20050817 NOVL-2005010098073 GroupWise Password Caching
http://securitytracker.com/id?1014247
(VENDOR_ADVISORY)  SECTRACK  1014247
http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098073.htm
(VENDOR_ADVISORY)  CONFIRM  http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098073.htm
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972056.htm
(PATCH)  CONFIRM  http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972056.htm
http://www.securiteam.com/windowsntfocus/5UP0Q0UG0I.html
(UNKNOWN)  MISC  http://www.securiteam.com/windowsntfocus/5UP0Q0UG0I.html
http://www.securityfocus.com/bid/13997
(UNKNOWN)  BID  13997
http://xforce.iss.net/xforce/xfdb/21075
(UNKNOWN)  XF  groupwise-client-plaintext-password(21075)

- 漏洞信息

Novell GroupWise 明文口令泄露漏洞
中危 设计错误
2005-08-17 00:00:00 2005-10-20 00:00:00
本地  
        Novell GroupWise是一款跨平台协作软件。
        Novell GroupWise客户端对口令的处理上存在漏洞,攻击者可能利用此漏洞获取口令。GroupWise的grpWise.exe不能安全的处理认证凭据信息,这样本地攻击者就可以使用pmdump之类的工具临时存储进程的内存,以明文获取用户名和口令。攻击者也可能远程利用这个漏洞。

- 公告与补丁

        目前厂商还没有提供补丁或者升级程序,建议使用此软件的用户随时关注厂商的主页以获取最新版本:
        http://support.novell.com/security-alerts

- 漏洞信息 (F39460)

NOVL-2005-10098073.txt (PacketStormID:F39460)
2005-08-18 00:00:00
 
advisory
CVE-2005-2620
[点击下载]

The GroupWise client sometimes caches the user name and password in memory while it is running. A hostile user with administrative access to the machine where a user is logged in may dump memory and find username/password pairs of logged in users. Versions below 7 are affected.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

For Immediate Disclosure

============================== Summary ==============================

 Security Alert: NOVL-2005-10098073
          Title: GroupWise Password Caching
           Date: 16-August-2005
       Revision: Original
   Product Name: GroupWise 5.x, 6.x
 OS/Platform(s): Windows and NetWare
  Reference URL: http://support.novell.com/servlet/tidfinder/10098073
    Vendor Name: Novell, Inc. 
     Vendor URL: http://www.novell.com
Security Alerts: http://support.novell.com/security-alerts 
        Affects: GroupWise Windows Clients & Proxies
    Identifiers: Bugtraq:13997, CVE:CAN-2005-2620, SECTRACK:1014247
        Credits: securityteam@truedson.com

============================ Description ============================

The GroupWise client sometimes caches the user name and password in 
memory while it is running.

============================== Impact ===============================

A hostile user with administrative access to the machine where a user 
is logged in may dump memory and find username/password pairs of 
logged in users.

======================== Recommended Actions ========================
GW 7 was released with these fixes already applied, so no further
action is required for GroupWise 7 users.

Until the official release of GroupWise 6.5 SP5 in mid-September, 
customers wishing to apply Field Test Files (FTF) can download these 
from http://support.novell.com/filefinder/  and locate the latest 
GroupWise Agents and GroupWise Client FTFs.  Currently as of 
August 16, 2005 the filenames are fgw655h.exe for Agents and 
f32655f7e.exe for GW Client.  Both, FTFs will need to be applied 
to get the full fix. 

See detailed instructions in the referenced Technical Information 
Document (TID): http://support.novell.com/servlet/tidfinder/10098073 

============================ DISCLAIMER =============================

The content of this document is believed to be accurate at the time 
of publishing based on currently available information. However, the 
information is provided "AS IS" without any warranty or 
representation. Your use of the document constitutes acceptance of 
this disclaimer. Novell disclaims all warranties, express or 
implied, regarding this document, including the warranties of 
merchantability and fitness for a particular purpose. Novell is not 
liable for any direct, indirect, or consequential loss or damage 
arising from use of, or reliance on, this document or any security 
alert, even if Novell has been advised of the possibility of such 
damages and even if such damages are foreseeable.

============================ Appendices =============================

None

================ Contacting Novell Security Alerts ==================

To report suspected security vulnerabilities in Novell products, 
send email to
            secure@novell.com

PGP users may send signed/encrypted information to us using our 
PGP key, available from the our website at: 

            http://support.novell.com/security-alerts


Novell Security Alerts, Novell, Inc. PGP Key Fingerprint:

3C6B 3F26 4E34 1ADF E27B D6C4 1AC8 9184 34D1 9739

========================= Revision History ==========================
       Original: 16-Aug-2005 - Original Publication

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDA4GUGsiRhDTRlzkRAhDnAKCrwSIzonYqwbKjxmsm+CSlvwsqiwCg+Qdn
gK8fuk3uLS6wUY1S97pV36E=
=U6IQ
-----END PGP SIGNATURE-----

    

- 漏洞信息

17470
Novell GroupWise grpWise.exe Cleartext Password Disclosure
Local Access Required Cryptographic, Information Disclosure
Loss of Confidentiality
Exploit Unknown

- 漏洞描述

Novell GroupWise contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered because the 'grpWise.exe' process stores the user's e-mail password in memory in clear text, which can be used by a local attacker to obtain a target user's e-mail password resulting in a loss of confidentiality.

- 时间线

2005-06-20 2005-03-30
Unknow Unknow

- 解决方案

Upgrade to version 6.5 SP5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

- 漏洞信息

Novell GroupWise GrpWise.EXE Authentication Credentials Persistence Weakness
Design Error 13997
No Yes
2005-06-20 12:00:00 2009-07-12 04:06:00
Discovery of this issue is credited to "Security Team" <securityteam@truedson.com>.

- 受影响的程序版本

Novell Groupwise 6.5.4
Novell Groupwise 6.5.2
Novell Groupwise 6.5 SP2
Novell Groupwise 6.5 SP1
Novell Groupwise 6.5
Novell Groupwise 6.0 SP4
Novell Groupwise 6.0 SP3
Novell Groupwise 6.0 SP2
Novell Groupwise 6.0 SP1
Novell Groupwise 6.0
Novell Groupwise 5.5
- Novell Netware 5.0
- Novell Netware 4.11
Novell Groupwise 5.2
- Novell Netware 5.0
- Novell Netware 4.11
DameWare Development NT Utilities 4.9
DameWare Development NT Utilities 4.8
DameWare Development NT Utilities 3.0
Novell Groupwise 7.0

- 不受影响的程序版本

Novell Groupwise 7.0

- 漏洞讨论

A problem with Novell GroupWise may allow the recovery of sensitive information.

Novell GroupWise 'grpWise.exe' does not safely handle authentication credential information. As a result, a local user may be able to recover authentication passwords.

- 漏洞利用

No exploit is required.

- 解决方案

Novell reports that this issue will be addressed in GroupWise 6.5 SP5. There are also field test files available to address this issue. Please see the referenced Novell TID for instructions on obtaining these test files.

Novell security advisory NOVL-2005-10098073 is available. Novell GroupWise 7 is not vulnerable to this issue. Please see the referenced advisory for further information.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站