Up to 25 million Novell GroupWise users could be vulnerable to an "extremely serious" bug in recent versions of the software. But Novell is keeping shtum about what the hole is exactly and how it affects a network.
An advisory released by Novell this week provides few details, but warns that a problem has been discovered in GroupWise, which the company says makes "it possible to completely compromise a GroupWise system". Security watchers added that administrators should assume that this is a remotely exploitable bug.
The hole affects GroupWise 6.0, GroupWise Enhancement Pack 5.5, GroupWise 5.5, Netware 5.0 and Netware 4.11. Much to the annoyance of users, Novell has not disclosed any technical details, but has made a patch available to the general public.
The company is telling users to apply the Padlock Fix immediately, but is not telling them what it does, claiming that users need to get their systems patched before the problem becomes public knowledge so hackers can't exploit it.
However, the Padlock Fix itself has also raised a few eyebrows. Weighing in at hefty 28Mb, users are concerned about what it contains, but Novell is tight-lipped about that as well, giving some vague explanation about script files that help in distributing the patch.
Although it goes against their better judgement, IT managers are apparently installing the patch in blind faith, although some have criticised Novell for not even detailing the consequences of not applying the patch. The fix contains both a server side and client side patch. Novell insists that the server side be applied first.
The company has also denied that the problem is in any way related to a glitch discovered last month which exposed users' security credentials. Apparently, that bug was fixed by Enhancement Service Pack 3, released at the end of last month.
The fix is available here.
Freshly launched 11nm Qualcomm silicon will come with Adreno 612 GPU
Are pinning down the exact rate of expansion of the Hubble constant
RISC OS 5 to form the basis of RISC OS Open after Castle Technology sells to RISC OS Developments
A smartphone maker fiddling its benchmarking scores? That's unusual, isn't it?