Vulnerability in the Novell Client for Windows 2000/XP/2003

Reference: CERT-IST/AV-2008.010
Version: 1.0
Version date: 10 January 2008

Vulnerability Classification
Risk: high
Impact: Take control
Confidence: Vendor-acknowledged
Attack expertise: Expert
Attack requirements: Remote with account

System Information
Affected Platform(s):
- Microsoft Windows 2000/XP/2003 systems

Affected Software(s):
- Novell Client 4.91 SP3 and SP4

Description
Problem description:
A vulnerability has been discovered in the Novell Client for Windows 2000/XP/2003 systems. It allows an unprivileged user of a vulnerable system to take full control of that system.

Technical context:
Once the Novell Client is installed on a Windows system, the driver "nicm.sys" is loaded at system startup. This driver allows any user to open the device "\\.\nicm" and issue IOCTL calls.

Technical information:
This vulnerability is due to a flaw in the data validation performed by the "nicm.sys" driver on the arguments passed to some IOCTL handlers. It may allow a local user, via crafted data, to execute arbitrary code on the system with "SYSTEM" privileges.

Solution
Apply the patch for Novell Client 4.91 SP3 and SP4
English translation not available yet
- Patch for Novell Client 4.91 SP3 and SP4

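To find the hosts that still need the patch, the following added example (not part of the advisory and not Novell code) reports where the "nicm.sys" driver is registered and which file version is on disk. The function name and host names are hypothetical, and the fixed file version is not stated on this page, so compare the reported version against the Novell advisory listed under Additional Resources.

```powershell
# Added example (not CERT-IST or Novell code): report where nicm.sys is registered
# as a driver and which file version is on disk. Get-WmiObject is used so the
# function also runs on Windows PowerShell 2.0 on the affected platforms.
function Get-NicmDriverStatus {
    param([string[]]$ComputerName = @($env:COMPUTERNAME))

    foreach ($computer in $ComputerName) {
        $row = New-Object PSObject -Property @{
            Computer = $computer; Found = $false; State = $null
            StartMode = $null; Path = $null; FileVersion = $null; Error = $null
        }
        try {
            $os = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $computer -ErrorAction Stop
            $driver = Get-WmiObject -Class Win32_SystemDriver -ComputerName $computer -ErrorAction Stop |
                Where-Object { $_.PathName -match '(^|\\)nicm\.sys$' } |
                Select-Object -First 1
            if ($driver) {
                # PathName may be reported as \SystemRoot\... or \??\C:\...; convert to a drive path.
                $path = $driver.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $os.WindowsDirectory
                # WQL string literals need each backslash doubled.
                $filter = "Name='" + ($path -replace '\\', '\\') + "'"
                $file = Get-WmiObject -Class CIM_DataFile -Filter $filter -ComputerName $computer -ErrorAction Stop
                $row.Found = $true
                $row.State = $driver.State
                $row.StartMode = $driver.StartMode
                $row.Path = $path
                if ($file) { $row.FileVersion = $file.Version }
            }
        } catch {
            $row.Found = $null            # unknown: host unreachable or WMI query failed
            $row.Error = $_.Exception.Message
        }
        $row | Select-Object Computer, Found, State, StartMode, Path, FileVersion, Error
    }
}

# Usage: local host by default, or pass a list of host names (constructed names shown).
# Get-NicmDriverStatus -ComputerName 'WS-001', 'WS-002' | Where-Object { $_.Found }
Get-NicmDriverStatus
```

A row with Found set to True and State set to Running is a host where the driver described above is loaded; rows with an empty Found value could not be queried and need a manual check.
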
Standard vulnerability IDs
Additional Resources
- iDEFENSE security advisory 01.09.08 dated January 9, 2008
- Novell security advisory 5007683 dated January 9, 2008

History
Version | Comment | Date
1.0 | Advisory creation | 10 January 2008