CVE-2007-5762 – Novell Client 4.91 SP4 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2007-5762
NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, allows local users to execute arbitrary code by opening the \\.\nicm device and providing crafted kernel addresses via IOCTLs with the METHOD_NEITHER buffering mode. El controlador NICM.SYS 3.0.0.4, como el utilizado en Novell NetWare Client 4.91 SP4, permite a usuarios locales ejecutar código de su elección abriendo el dispositivo \\.\nicm y proporcionando direcciones del núcleo manipuladas mediante IOCTLs con modo de uso de búfer METHOD_NEITHER. • https://www.exploit-db.com/exploits/18914 http://download.novell.com/Download?buildid=4FmI89wOmg4~ http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=637 http://secunia.com/advisories/28396 http://www.securityfocus.com/bid/27209 http://www.securitytracker.com/id?1019172 http://www.vupen.com/english/advisories/2008/0088 https://exchange.xforce.ibmcloud.com/vulnerabilities/39576 • CWE-20: Improper Input Validation •
CVE-2007-5667
https://notcve.org/view.php?id=CVE-2007-5667
NWFILTER.SYS in Novell Client 4.91 SP 1 through SP 4 for Windows 2000, XP, and Server 2003 makes the \.\nwfilter device available for arbitrary user-mode input via METHOD_NEITHER IOCTLs, which allows local users to gain privileges by passing a kernel address as an argument and overwriting kernel memory locations. NWFILTER.SYS en Novell Client 4.91 SP 1 hasta el SP 4 para Windows 2000, XP, y Server 2003 toma el dispositivo disponible \.\nwfilter para entradas METHOD_NEITHER IOCTLs en modo usuario de su elección, lo cual permite a usuarios locales ganar privilegios pasando la dirección del núcleo como un argumento y sobrescribiendo localizaciones de la memoria del núcleo. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=626 http://osvdb.org/40867 http://secunia.com/advisories/27678 http://www.securityfocus.com/bid/26420 http://www.securitytracker.com/id?1018943 http://www.vupen.com/english/advisories/2007/3846 https://exchange.xforce.ibmcloud.com/vulnerabilities/38434 https://secure-support.novell.com/KanisaPlatform/Publishing/98/3260263_f.SAL_Public.html • CWE-20: Improper Input Validation •
CVE-2007-2954 – Novell Client NWSPOOL.DLL Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2007-2954
Multiple stack-based buffer overflows in the Spooler service (nwspool.dll) in Novell Client 4.91 SP2 through SP4 for Windows allow remote attackers to execute arbitrary code via certain long arguments to the (1) RpcAddPrinterDriver, (2) RpcGetPrinterDriverDirectory, and other unspecified RPC requests, aka Novell bug 300870, a different vulnerability than CVE-2006-5854. Múltiples desbordamientos de búfer en la región stack de la memoria en el servicio Spooler (biblioteca nwspool.dll) en Novell Client versiones 4.91 desde SP2 hasta SP4 para Windows, permite a atacantes remotos ejecutar código arbitrario por medio de ciertos argumentos largos en peticiones RPC (1) RpcAddPrinterDriver, (2) RpcGetPrinterDriverDirectory y otras no especificadas, también se conoce como bug de Novell 300870, una vulnerabilidad diferente de CVE-2006-5854. This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of the Novell Netware Client. Authentication is not required to exploit this vulnerability. The specific flaw exists in nwspool.dll which is responsible for handling RPC requests through the spoolss named pipe. Several RPC functions exposed by this DLL do not properly verify argument sizes and subsequently copy user-supplied data to a stack-based buffer resulting in an exploitable overflow. • http://download.novell.com/Download?buildid=VOXNZb-6t_g~ http://osvdb.org/37321 http://secunia.com/advisories/26374 http://secunia.com/secunia_research/2007-57/advisory http://securitytracker.com/id?1018623 http://www.securityfocus.com/bid/25474 http://www.vupen.com/english/advisories/2007/3006 http://www.zerodayinitiative.com/advisories/ZDI-07-045 https://exchange.xforce.ibmcloud.com/vulnerabilities/35824 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-0108
https://notcve.org/view.php?id=CVE-2007-0108
nwgina.dll in Novell Client 4.91 SP3 for Windows 2000/XP/2003 does not delete user profiles during a Terminal Service or Citrix session, which allows remote authenticated users to invoke alternate user profiles. nwgina.dll en Novell Client 4.91 SP3 para Windows 2000/XP/2003 no elimina los perfiles de usuario durante una sesión de Servicio de Terminal o Citrix, lo cual permite a usuarios autenticados remotamente invocar perfiles de usuario alternativos. • http://osvdb.org/31358 http://secunia.com/advisories/23619 http://securitytracker.com/id?1017471 http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974970.htm http://www.securityfocus.com/bid/21886 http://www.vupen.com/english/advisories/2007/0064 https://exchange.xforce.ibmcloud.com/vulnerabilities/31343 •
CVE-2006-6443
https://notcve.org/view.php?id=CVE-2006-6443
Buffer overflow in the Novell Distributed Print Services (NDPS) Print Provider for Windows component (NDPPNT.DLL) in Novell Client 4.91 has unknown impact and remote attack vectors. Desbordamiento de búfer en Novell Distributed Print Services (NDPS) Print Provider para componentes de Windows (NDPPNT.DLL) en Novell Client 4.91 tiene impacto desconocido y ataques de vectores remotos. • http://secunia.com/advisories/23271 http://support.novell.com/docs/Readmes/InfoDocument/2974843.html http://www.securityfocus.com/bid/21479 http://www.vupen.com/english/advisories/2006/4862 •