Hello Daniele, I'm catching up on email and saw this -- are you (or anyone else here) familiar with the notify protocol running under the fat-client verison of Groupwise? If so can you email me off list .. I want to know if there's a way around the UDP->TCP flip that it does mid- stream (can be seen on a decent sized Busy Search in the Schedule/Calendar) -- or predict the outbound port used to notify on new email, prior the inbount poll done by the client every 8 minutes.
We've been burnt by these oddities in the protocol and aren't getting anywhere with Novell (apparently they were reporting a 52 hour wait on their support queue last week ;-) Thanks, ----- Original Message ----- >From: "Daniele Muscetta" <[EMAIL PROTECTED]> >To: <[EMAIL PROTECTED]> >Subject: Re: [Full-Disclosure] Operating Systems Security, 'Microsoft Security, baby >steps' >Date: Thu, 18 Mar 2004 11:18:51 +0100 > > Todd Burroughs said: > > Kudos to SuSE, keep up the good work! We're getting nervous with the > > Novell thing, but keep security first. > > > Yeah..... tell Novell, indeed: > > http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968352.htm > > for their propreitary Groupwise Webmail interface I have been waiting for > MONTHS for this fix.... it has been in BETA for months now, looks like > forever.... and it says: > [...] This patch also addresses OpenSSL security vulnerabilities described > in CERT� Advisories CAN-2003-0543 (VU#255484), CAN-2003-0544 (VU#380864), > VU#686224, and VU#732952 [...] > .....which is not yesterday's bug. But a much older one. > It's kept very quiet though. Any other distro/vendor has had it fixed for > ages now. > I believe that the known exploits for linux/unix don't work on Netware so > they think it is safe to take that long to fix it..... > Yeah, this BETA fix is there.... but: > [...] Groupwise 6.5 WebAccess SP2 Field Test File revision E. This patch > should be used to verify bug fixes prior to the official release of > GroupWise 6.5 Support Pack 2. Fixes in this FTF are not guaranteed to be > included in the shipping release of Groupwise 6.5 SP2. [...] > So.... is one supposed to install it or not ? > > Good that SuSE *still* works indipendently enough. > > Daniele > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > -- Ian Latter Internet and Networking Security Officer Macquarie University _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
