CVE-2020-27643
https://notcve.org/view.php?id=CVE-2020-27643
The %PROGRAMDATA%\1E\Client directory in 1E Client 5.0.0.745 and 4.1.0.267 allows remote authenticated users and local users to create and modify files in protected directories (where they would not normally have access to create or modify files) via the creation of a junction point to a system directory. This leads to partial privilege escalation. El directorio %PROGRAMDATA%\1E\Client en 1E Client versiones 5.0.0.745 y 4.1.0.267, permite a los usuarios autenticados remotos y a los usuarios locales crear y modificar archivos en directorios protegidos (donde normalmente no tendrían acceso para crear o modificar archivos) mediante la creación de un punto de unión en un directorio del sistema. Esto conduce a una escalada parcial de privilegios • https://help.1e.com/display/GI/1E+Security+Advisory-1E+Client+for+Windows%3A+CVE-2020-16268%2C+CVE-2020-27643%2C+CVE-2020-27644%2C+CVE-2020-27645 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2020-16268
https://notcve.org/view.php?id=CVE-2020-16268
The MSI installer in 1E Client 4.1.0.267 and 5.0.0.745 allows remote authenticated users and local users to gain elevated privileges via the repair option. This applies to installations that have a TRANSFORM (MST) with the option to disable the installation of the Nomad module. An attacker may craft a .reg file in a specific location that will be able to write to any registry key as an elevated user. El instalador MSI en 1E Client versiones 4.1.0.267 y 5.0.0.745, permite a los usuarios autenticados remotos y a los usuarios locales obtener privilegios elevados por medio de la opción de reparación. Esto se aplica a instalaciones que tienen un TRANSFORM (MST) con la opción de deshabilitar la instalación del módulo Nomad. • https://help.1e.com/display/GI/1E+Security+Advisory-1E+Client+for+Windows%3A+CVE-2020-16268%2C+CVE-2020-27643%2C+CVE-2020-27644%2C+CVE-2020-27645 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2013-3956 – Novell Client 2 SP3 - 'nicm.sys 3.1.11.0' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2013-3956
The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003; Novell Client 2 SP2 on Windows Vista and Windows Server 2008; and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted 0x143B6B IOCTL call. El controlador del kernel NICM.SYS 3.1.11.0 en Novell Client 4.91 SP5 sobre Windows XP and Windows Server 2003; Novell Client 2 SP2 sobre Windows Vista y Windows Server 2008; y Novell Client 2 SP3 sobre Windows Server 2008 R2, Windows 7, Windows 8, y Windows Server 2012, permite a usuarios locales obtener privilegio a través de una llamada 0x143B6B IOCTL manipulada. • https://www.exploit-db.com/exploits/27191 https://www.exploit-db.com/exploits/26452 http://pastebin.com/GB4iiEwR http://www.exploit-db.com/exploits/26452 http://www.exploit-db.com/exploits/27191 http://www.novell.com/support/kb/doc.php?id=7012497 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-3697
https://notcve.org/view.php?id=CVE-2013-3697
Integer overflow in the NWFS.SYS kernel driver 4.91.5.8 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003 and the NCPL.SYS kernel driver in Novell Client 2 SP2 on Windows Vista and Windows Server 2008 and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 might allow local users to gain privileges via a crafted 0x1439EB IOCTL call. Desbordamiento de enterio en el controlador para el kernel NWFS.SYS 4.91.5.8 en Novell Client 4.91 SP5 sobre Windows XP y Windows Server 2003 y el controlador del kernel NCPL.SYS en Novell Client 2 SP2 sobre Windows Vista y Windows Server 2008 y Novell Client 2 SP3 sobre Windows Server 2008 R2, Windows 7, Windows 8, y Windows Server 2012, podría permitir a usuarios locales obtener privilegios a través de una llamada 0x1439EB IOCTL manipulada. • http://pastebin.com/RcS2Bucg http://www.novell.com/support/kb/doc.php?id=7012497 • CWE-189: Numeric Errors •
CVE-2008-3158 – Novell Client 4.91 SP4 - 'nwfs.sys' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2008-3158
Unspecified vulnerability in NWFS.SYS in Novell Client for Windows 4.91 SP4 has unknown impact and attack vectors, possibly related to IOCTL requests that overwrite arbitrary memory. Vulnerabilidad no especificada en NWFS.SYS de Novell Client para Windows 4.91 SP4 tiene un impacto y vectores de ataque desconocidos, posiblemente relacionado con peticiones IOCTL que sobrescriben memoria de su elección. • https://www.exploit-db.com/exploits/26418 http://secunia.com/advisories/30904 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5028543.html http://www.securityfocus.com/bid/30001 http://www.securitytracker.com/id?1020385 http://www.vupen.com/english/advisories/2008/1968/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43460 • CWE-264: Permissions, Privileges, and Access Controls •