The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Micro Focus Novell Client

vulnerability alert CVE-2014-0595

Novell Client for Linux on OES11 SP2: privilege escalation via nwrights

Synthesis of the vulnerability

A local attacker can use a file, with rights granted by nwrights, in order to escalate his privileges.
Impacted products: Novell Client, OES, SUSE Linux Enterprise Desktop.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 12/05/2014.
Identifiers: 7014932, CVE-2014-0595, SUSE-SU-2014:0847-1, VIGILANCE-VUL-14721.

Description of the vulnerability

The /opt/novell/ncl/bin/nwrights command is provided with Novell Client for Linux. It defines rights on files.

However, on OES11 SP2, the 'S' (Supervisor) right is automatically granted when the user sets the 'F' (File system) right.

A local attacker can therefore use a file, with rights granted by nwrights, in order to escalate his privileges.

computer vulnerability note CVE-2013-3705

Novell Client: denial of service via Vba32 AntiRootKit

Synthesis of the vulnerability

A local attacker can create a VBA32 application forcing the Novell Client to call an unsupported IOCTL, in order to trigger a denial of service.
Impacted products: Novell Client.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user shell.
Creation date: 23/12/2013.
Identifiers: 7014276, BID-64484, CVE-2013-3705, VIGILANCE-VUL-13979.

Description of the vulnerability

A local attacker can create a VBA32 application forcing the Novell Client to call an unsupported IOCTL, in order to trigger a denial of service.

vulnerability bulletin 12873

Novell Client 2 for Windows 7/8: privilege escalation via nicm.sys

Synthesis of the vulnerability

A local attacker can call a controlled function in nicm.sys of Novell Client 2 for Windows 7/8, in order to escalate his privileges.
Impacted products: Novell Client.
Severity: 2/4.
Consequences: administrator access/rights.
Provenance: user shell.
Creation date: 29/05/2013.
Identifiers: 7012497, BID-60203, VIGILANCE-VUL-12873.

Description of the vulnerability

The Novell Client 2 for Windows 7/8 product installs the driver nicm.sys.

However, the IOCTL 0x143B6B (NICM_IOCTL_REQUEST_REPLY) uses user-supplied data to generate a function pointer.

A local attacker can therefore call a controlled function in nicm.sys of Novell Client 2 for Windows 7/8, in order to escalate his privileges.

vulnerability announce 12872

Novell Client 4.9x for Windows XP/2003: integer overflow of nwfs.sys

Synthesis of the vulnerability

A local attacker can generate an integer overflow in nwfs.sys of Novell Client 4.9x for Windows XP/2003, in order to trigger a denial of service, and possibly to execute code.
Impacted products: Novell Client.
Severity: 2/4.
Consequences: administrator access/rights.
Provenance: user shell.
Creation date: 29/05/2013.
Identifiers: 7012497, BID-60202, VIGILANCE-VUL-12872.

Description of the vulnerability

The Novell Client 4.9x for Windows XP/2003 product installs the nwfs.sys driver.

However, the data for the IOCTL 0x1439EB (NWC_VERIFY_KEY_WITHCONN) is not checked. A large size triggers an integer overflow, which leads to the allocation of a memory area that is too short.

A local attacker can therefore generate an integer overflow in nwfs.sys of Novell Client 4.9x for Windows XP/2003, in order to trigger a denial of service, and possibly to execute code.

computer vulnerability note 11859

Windows: rejecting RSA keys of less than 1024 bits

Synthesis of the vulnerability

Microsoft offers a patch for Windows, in order to reject RSA keys of less than 1024 bits, which are seen as too weak.
Impacted products: Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 7, Windows Vista, Windows XP, Novell Client.
Severity: 1/4.
Consequences: data reading, data creation/edition.
Provenance: internet client.
Creation date: 16/08/2012.
Identifiers: 2661254, 2749655, VIGILANCE-VUL-11859.

Description of the vulnerability

The RSA algorithm is used to encrypt data, using a key pair (public and private). The size of the private key determines the time required to find it with a brute-force attack (or an optimized variant). Nowadays, the minimal recommended size for RSA keys is 2048 bits.

Microsoft therefore offers a patch for Windows, in order to reject RSA keys of less than 1024 bits, which are seen as too weak.

This patch will be offered by default in October 2012. It is thus recommended to check the size of the keys used by various applications, in anticipation of installing this patch.

computer vulnerability announce CVE-2009-1350

Novell NetIdentity: code execution via XTIERRPCPIPE

Synthesis of the vulnerability

A network attacker can connect to the IPC$ share in order to execute code on the computer where Novell NetIdentity is installed.
Impacted products: Novell Client.
Severity: 3/4.
Consequences: administrator access/rights.
Provenance: intranet client.
Creation date: 07/04/2009.
Identifiers: BID-34400, CVE-2009-1350, VIGILANCE-VUL-8607, ZDI-09-016, ZDI-CAN-397.

Description of the vulnerability

The Novell NetIdentity product installs the xtagent.exe service, which is reachable via the XTIERRPCPIPE named pipe. This named pipe is used to send RPC queries to the service.

However, XTIERRPCPIPE does not check memory addresses indicated in RPC queries. An invalid memory address corrupts the system memory.

A network attacker can therefore connect to the IPC$ share in order to execute code on the computer where Novell NetIdentity is installed.

vulnerability CVE-2008-3158

Novell Client: privilege elevation via NWFS.SYS

Synthesis of the vulnerability

A local attacker can use the NWFS.SYS driver of Novell Client in order to obtain system privileges.
Impacted products: Novell Client.
Severity: 2/4.
Consequences: administrator access/rights.
Provenance: user shell.
Creation date: 30/06/2008.
Identifiers: BID-30001, CVE-2008-3158, VIGILANCE-VUL-7920.

Description of the vulnerability

The Novell client installs the NWFS.SYS (NetWare File System) driver.

A local attacker can use a vulnerability of NWFS.SYS in order to corrupt system memory.

A local attacker can therefore obtain privileges of local administrator.

computer vulnerability note CVE-2008-2145

Novell Client: buffer overflow of login

Synthesis of the vulnerability

A local attacker can use a long login name in order to trigger an overflow and gain access to the system.
Impacted products: Novell Client.
Severity: 2/4.
Consequences: user access/rights.
Provenance: physical access.
Creation date: 09/05/2008.
Identifiers: BID-29109, CVE-2008-2145, VIGILANCE-VUL-7809.

Description of the vulnerability

The authentication interface of the Novell client has a "forgot password" link displaying a dialog box with the user login name.

However, an attacker can enter a long login name in order to generate an overflow when this dialog is displayed.

A local attacker can therefore execute code on the system.

computer vulnerability CVE-2008-0639

Novell Client: buffer overflow of NWSPOOL.DLL

Synthesis of the vulnerability

An attacker using RPC can trigger an overflow in the EnumPrinters function of NWSPOOL.DLL in order to execute code on the computer.
Impacted products: Novell Client.
Severity: 3/4.
Consequences: user access/rights, denial of service on service.
Provenance: intranet client.
Creation date: 12/02/2008.
Identifiers: BID-27741, CERTA-2008-AVI-069, CVE-2008-0639, VIGILANCE-VUL-7575, ZDI-08-005.

Description of the vulnerability

The NWSPOOL.DLL library is used by the printing system. A local attacker can directly access the functions of this library. A remote attacker can also access them via the Spooler service available over RPC.

A buffer overflow was announced in the EnumPrinters function of NWSPOOL.DLL reachable via RPC. Its technical details are unknown.

This vulnerability permits a network attacker to execute code on the system.

computer vulnerability announce CVE-2008-0663

Novell Client: obtaining clipboard via LCM

Synthesis of the vulnerability

When the session is locked, a local attacker can obtain the contents of the clipboard with the Challenge Response Client LCM.
Impacted products: Novell Client.
Severity: 1/4.
Consequences: data reading.
Provenance: user console.
Creation date: 05/02/2008.
Identifiers: 3726376, BID-27631, CVE-2008-0663, VIGILANCE-VUL-7547.

Description of the vulnerability

The Challenge Response Client LCM (Login Client Module) authenticates the user by requiring the answer to a question.

When the user's session is locked, a local attacker cannot access the user's data. However, a local attacker can paste the contents of the clipboard (Control-V) into the Challenge Question field.

The attacker can thus read the last data copied by the user before the session lock.