This week I have 2 student from the city Margraten following the course N3088 Administrating Novell Enterprise Server 2 for Linux.
They are very quick student. Now it’s day 2 and all ready we are 2 Sections futher than we should be. But’s thats no problem.
They are following the complete NCE-ES track. So I will be seeing them in the N3089 and N3090 also.
Have Fun!
Update 11-2-2009: It’s the end of day 3, and we done the complete course.. Woh!!! In 3 day’s. I haven’t expericened that before. And we still have a day left. So I asked the students what the wanted to do in day 4. And that is Groupwise 8. Ok, nice choice.
We planned to reinstall a eDirectory server at a customers site. So the day before we gave a disable login so nobody would be authenticated to this server when I tried to remove it.
When I arrived in the morning some people where getting the following error:
server failed to response in an excessible amount of time. De server may be down
The cause of this error was that the tree name had a round robbing feature. And on of the ip adresses voor this record was poiting to this server. Because of the disable login users could
not authenticated to this server.
You would expect that the Novell Client would go to another server. But this wasn’t the case. Why?
I don’t know, but hoping to find out.
Ok, This is new for me. Groupwise Webaccess has a Security Issue. That’s one you don’t see often.
It seems like that it’s possible to execute a code through a link on a web page or by sending a certain
email to the system, people can get access to a users mailbox. That’s not nice!
Here you can read the whole article on Coolsolutions from Novell
The message of the post is simple: Upgrade to the latest Hot Patch of Groupwise 7.x or 8.x.
Groupwise 6.5 is not supported any more.
Update 5-2-2009: I have a bit more information. The vulnerability is that a person can send you a HTML email with a special code in it. This code can executed a JAVA script and so it’s possible this person can get access to your cookies or create a rule so every email this person gets is forwarded to a email address. Here you can find a example of the code.
I googled around, and could not find the code to create a rule that forwards every email to a external person. But I’m convinced that this code will be available soon.
Be aware this only gets executed in Webaccess. Not in the Groupwise client. You can minimize the thread thourg anti-spam, virus protection or a firewall.
Nevertheless you should apply the patched.
Uncategorized | Michael February 10, 2009 | 
Comments (2) 