Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.GROUPWISE_CLIENT_803_HP2.NASL
HistoryFeb 05, 2013 - 12:00 a.m.

Novell GroupWise Client 8.x < 8.0.3 Hot Patch 2 / 2012.x < 2012 SP1 Hot Patch 1 Multiple Vulnerabilities

2013-02-0500:00:00
This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
22

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.969

Percentile

99.7%

JSON

The version of Novell GroupWise Client installed on the remote Windows host is 8.x prior to 8.0.3 Hot Patch 2 (8.0.3.26516) or 2012.x prior to 2012 SP1 Hot Patch 1 (12.0.1.16521). It is, therefore, reportedly affected by the following vulnerabilities :

  • An unspecified error exists related to an ActiveX control that could allow arbitrary code execution.
    (CVE-2012-0439)

  • Multiple pointer dereference errors exist that could allow arbitrary code execution. (CVE-2013-0804)

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(64471);
  script_version("1.13");
  script_cvs_date("Date: 2019/12/04");

  script_cve_id("CVE-2012-0439", "CVE-2013-0804");
  script_bugtraq_id(57657, 57658);
  script_xref(name:"EDB-ID", value:"24490");

  script_name(english:"Novell GroupWise Client 8.x < 8.0.3 Hot Patch 2 / 2012.x < 2012 SP1 Hot Patch 1 Multiple Vulnerabilities");
  script_summary(english:"Checks version of grpwise.exe");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains an email application that is affected
by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Novell GroupWise Client installed on the remote Windows
host is 8.x prior to 8.0.3 Hot Patch 2 (8.0.3.26516) or 2012.x prior to
2012 SP1 Hot Patch 1 (12.0.1.16521).  It is, therefore, reportedly
affected by the following vulnerabilities :

  - An unspecified error exists related to an ActiveX
    control that could allow arbitrary code execution.
    (CVE-2012-0439)

  - Multiple pointer dereference errors exist that could
    allow arbitrary code execution. (CVE-2013-0804)");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-008/");
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/526169/30/0/threaded");
  script_set_attribute(attribute:"see_also", value:"https://support.microfocus.com/kb/doc.php?id=7011687");
  script_set_attribute(attribute:"see_also", value:"https://support.microfocus.com/kb/doc.php?id=7011688");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Novell GroupWise Client 8.0.3 Hot Patch 2 (8.0.3.26516) /
2012 SP1 Hot Patch 1 (12.0.1.16521) or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-0804");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Novell GroupWise Client gwcls1.dll ActiveX Remote Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/01/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/01/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/05");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:novell:groupwise");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("groupwise_client_installed.nasl");
  script_require_keys("SMB/Novell GroupWise Client/Path", "SMB/Novell GroupWise Client/Version");

  exit(0);
}

include('audit.inc');
include('global_settings.inc');
include('misc_func.inc');

version = get_kb_item_or_exit('SMB/Novell GroupWise Client/Version');
path = get_kb_item_or_exit('SMB/Novell GroupWise Client/Path');

if (version =~ '^8\\.' && ver_compare(ver:version, fix:'8.0.3.26516') == -1)
  fixed_version = '8.0.3 Hot Patch 2 (8.0.3.26516)';
else if (version =~ '^12\\.' && ver_compare(ver:version, fix:'12.0.1.16521') == -1)
  fixed_version = '2012 SP1 Hot Patch 1 (12.0.1.16521)';

if (fixed_version)
{
  port = get_kb_item('SMB/transport');
  if (!port) port = 445;

  if (report_verbosity > 0)
  {
    report =
      '\n  Path              : ' + path +
      '\n  Installed version : ' + version +
      '\n  Fixed version     : ' + fixed_version + '\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
  exit(0);
}
else audit(AUDIT_INST_PATH_NOT_VULN, 'Novell GroupWise Client', version, path);

Related

saint 4
nvd 2
cve 2
exploitdb 2
zdt 1
metasploit 1
checkpoint_advisories 3
prion 2
zdi 1
packetstorm 1
d2 1
cvelist 2
htbridge 1
securityvulns 2
saint
saint
Novell GroupWise Client ActiveX SetEngine Pointer Manipulation
2013-02-18 00:00:00
Novell GroupWise Client ActiveX SetEngine Pointer Manipulation
2013-02-18 00:00:00
Novell GroupWise Client ActiveX SetEngine Pointer Manipulation
2013-02-18 00:00:00
nvd
nvd
CVE-2012-0439
2013-02-24 04:37:19
CVE-2013-0804
2013-02-24 04:37:19
cve
cve
CVE-2012-0439
2013-02-24 04:37:19
CVE-2013-0804
2013-02-24 04:37:19
exploitdb
exploitdb
Novell Groupwise Client - &#039;gwcls1.dll&#039; ActiveX Remote Code Execution (Metasploit)
2013-02-12 00:00:00
Novell Groupwise Client 8.0 - Multiple Remote Code Execution Vulnerabilities
2013-01-31 00:00:00
zdt
zdt
Novell GroupWise Client gwcls1.dll ActiveX Remote Code Execution
2013-02-12 00:00:00
metasploit
metasploit
Novell GroupWise Client gwcls1.dll ActiveX Remote Code Execution
2013-02-09 16:40:45
checkpoint_advisories
checkpoint_advisories
Novell GroupWise Client for Windows ActiveX Code Execution (CVE-2012-0439)
2013-06-30 00:00:00
Novell GroupWise Client ActiveX gwabdlg.dll Untrusted Pointer Dereference (CVE-2013-0804)
2013-06-30 00:00:00
Novell GroupWise Client ActiveX gwmim1.ocx Untrusted Pointer Dereference (CVE-2013-0804)
2013-06-30 00:00:00
prion
prion
Design/Logic Flaw
2013-02-24 04:37:00
Null pointer dereference
2013-02-24 04:37:00
zdi
zdi
Novell GroupWise gwcls1.dll ActiveX Control Remote Code Execution Vulnerability
2013-02-01 00:00:00
packetstorm
packetstorm
Novell GroupWise Client gwcls1.dll ActiveX Remote Code Execution
2013-02-12 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_GWCLS
2013-02-24 04:37:00
cvelist
cvelist
CVE-2012-0439
2013-02-24 02:00:00
CVE-2013-0804
2013-02-24 02:00:00
htbridge
htbridge
Novell GroupWise Multiple Remote Code Execution Vulnerabilities
2012-11-26 00:00:00
securityvulns
securityvulns
Novell GroupWise code execution
2013-04-08 00:00:00
Novell GroupWise Multiple Remote Code Execution Vulnerabilities
2013-04-08 00:00:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.969

Percentile

99.7%

JSON
Related for GROUPWISE_CLIENT_803_HP2.NASL
saint4nvd2cve2exploitdb2zdt1metasploit1checkpoint_advisories3prion2zdi1packetstorm1d21cvelist2htbridge1securityvulns2