title: Novell Teaming Multiple Vulnerabilities
* Username Enumeration
* Multiple Cross Site Scripting
* Includes vulnerable Liferay portal
program: Novell Teaming
Web conferencing software from Novell. Teaming and conferencing offers a
number of solutions to improve productivity for enterprises, with web
conferencing just one of those solutions.
[source: http://www.novell.com/products/teaming/]
Multiple vulnerabilities have been identified in Novell Teaming. These
include enumeration of usernames, information disclosure, and cross site
scripting flaws. An attacker could leverage these vulnerabilities to
collect information about the system and its users and conduct effective
(XSS supported) hybrid phishing attacks.
User authentication takes place via a login form at:
https://teaming.example.com/c/portal/login
The web application reacts differently for valid and invalid usernames
("Please enter a valid login" / "Auhtentication failed"). This allows an
attacker to deduce wether a spedific username exists. The attacker could
use this flaw to generate a list of usernames for dictionary- or
bruteforce-attacks.
The parameters p_p_state and p_p_mode are not validated or escaped by
the web application. Script code can be injected into these parameters,
allowing for cross site scripting attacks. Example:
Novell Teaming includes a version of Liferay portal with known
vulnerabilities (two cross site scripting flaws):
No special exploit code is required to exploit this vulnerabilities.
Version 1.0.3 of Novell Teaming is vulnerable to the issues described.
Prior versions are most likely also vulnerable.
2009-02-19: Vendor informed about vulnerabilities
2009-04-14: Patches available
The vendor has provided fixes for the issues described. In addition, two
Technical Information Documents containing update instructions have been
released. These can be found at the following URLs:
–
SEC Consult Unternehmensberatung GmbH
Office Vienna
Mooslackengasse 17
A-1190 Vienna
Austria
Tel.: +43 / 1 / 890 30 43 - 0
Fax.: +43 / 1 / 890 30 43 - 25
Mail: research at sec-consult dot com
www.sec-consult.com
EOF SEC Consult Vulnerability Lab / @2009