CVE-2007-6701
https://notcve.org/view.php?id=CVE-2007-6701
Multiple stack-based buffer overflows in the Spooler service (nwspool.dll) in Novell Client 4.91 SP4 for Windows allow remote attackers to execute arbitrary code via long arguments to multiple unspecified RPC functions, aka Novell bug 287919, a different vulnerability than CVE-2007-2954. Múltiples desbordamientos de búfer basados en pila en el servicio Spooler (nwspool.dll) de Novell Client 4.91 SP4 para Windows permiten a atacantes remotos ejecutar código de su elección a través de argumentos largos de múltiples funciones RCP no especificadas, también conocido como Novell bug 287919, una vulnerabilidad diferente a CVE-2007-2954. • http://archives.neohapsis.com/archives/bugtraq/2007-08/0082.html http://secunia.com/advisories/26238 http://securitytracker.com/id?1018471 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5005400.html http://www.securityfocus.com/bid/25092 http://www.zerodayinitiative.com/advisories/ZDI-07-045.html https://exchange.xforce.ibmcloud.com/vulnerabilities/35653 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-0639 – Novell Client NWSPOOL.DLL EnumPrinters Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-0639
Stack-based buffer overflow in the EnumPrinters function in the Spooler service (nwspool.dll) in Novell Client 4.91 SP2, SP3, and SP4 for Windows allows remote attackers to execute arbitrary code via a crafted RPC request, aka Novell bug 353138, a different vulnerability than CVE-2006-5854. NOTE: this issue exists because of an incomplete fix for CVE-2007-6701. Desbordamiento de búfer basado en pila en la función EnumPrinters del servicio Spooler en Novell Client 4.91 SP2, SP3 y SP4 para Windows, permite a atacantes remotos ejecutar código de su elección mediante una petición RPC manipulada, también conocida como Novell bug 353138, una vulnerabilidad diferente a la CVE-2006-5854. NOTA: este problema se produce debido a un parche incompleto para CVE-2007-6701. This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of the Novell Netware Client. • http://download.novell.com/Download?buildid=SszG22IIugM~ http://marc.info/?l=full-disclosure&m=120276962211348&w=2 http://secunia.com/advisories/28895 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5008300.html http://www.securityfocus.com/archive/1/487980/100/0/threaded http://www.securityfocus.com/bid/27741 http://www.securitytracker.com/id?1019366 http://www.vupen.com/english/advisories/2008/0496 http://www.zerodayinitiative.com/advisories/ZDI-08-005.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-0663
https://notcve.org/view.php?id=CVE-2008-0663
Novell Challenge Response Client (LCM) 2.7.5 and earlier, as used with Novell Client for Windows 4.91 SP4, allows users with physical access to a locked system to obtain contents of the clipboard by pasting the contents into the Challenge Question field. Novell Challenge Response Client (LCM) 2.7.5 y versiones anteriores, como el usado en Novell Client 4.91 SP4 para Windows, permite a usuarios con acceso físico a un sistema bloqueado obtener contenidos del porta-papeles pegando los contenidos en el campo Challenge Question. • http://secunia.com/advisories/28792 http://www.securityfocus.com/bid/27631 http://www.securitytracker.com/id?1019304 http://www.vupen.com/english/advisories/2008/0423/references https://secure-support.novell.com/KanisaPlatform/Publishing/686/3726376_f.SAL_Public.html •
CVE-2007-5762 – Novell Client 4.91 SP4 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2007-5762
NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, allows local users to execute arbitrary code by opening the \\.\nicm device and providing crafted kernel addresses via IOCTLs with the METHOD_NEITHER buffering mode. El controlador NICM.SYS 3.0.0.4, como el utilizado en Novell NetWare Client 4.91 SP4, permite a usuarios locales ejecutar código de su elección abriendo el dispositivo \\.\nicm y proporcionando direcciones del núcleo manipuladas mediante IOCTLs con modo de uso de búfer METHOD_NEITHER. • https://www.exploit-db.com/exploits/18914 http://download.novell.com/Download?buildid=4FmI89wOmg4~ http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=637 http://secunia.com/advisories/28396 http://www.securityfocus.com/bid/27209 http://www.securitytracker.com/id?1019172 http://www.vupen.com/english/advisories/2008/0088 https://exchange.xforce.ibmcloud.com/vulnerabilities/39576 • CWE-20: Improper Input Validation •
CVE-2007-5667
https://notcve.org/view.php?id=CVE-2007-5667
NWFILTER.SYS in Novell Client 4.91 SP 1 through SP 4 for Windows 2000, XP, and Server 2003 makes the \.\nwfilter device available for arbitrary user-mode input via METHOD_NEITHER IOCTLs, which allows local users to gain privileges by passing a kernel address as an argument and overwriting kernel memory locations. NWFILTER.SYS en Novell Client 4.91 SP 1 hasta el SP 4 para Windows 2000, XP, y Server 2003 toma el dispositivo disponible \.\nwfilter para entradas METHOD_NEITHER IOCTLs en modo usuario de su elección, lo cual permite a usuarios locales ganar privilegios pasando la dirección del núcleo como un argumento y sobrescribiendo localizaciones de la memoria del núcleo. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=626 http://osvdb.org/40867 http://secunia.com/advisories/27678 http://www.securityfocus.com/bid/26420 http://www.securitytracker.com/id?1018943 http://www.vupen.com/english/advisories/2007/3846 https://exchange.xforce.ibmcloud.com/vulnerabilities/38434 https://secure-support.novell.com/KanisaPlatform/Publishing/98/3260263_f.SAL_Public.html • CWE-20: Improper Input Validation •