Release date:
Updated on: 2013-05-30
Affected Systems:
Novell Client for Windows NT/2000/XP 4.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 60202
The Novell Client workstation software extends the functionality of Linux and Windows desktops by providing access to NetWare and Open Enterprise Server (OES.
Novell Client 4.91 SP5 IR1 for Windows XP/2003 and other versions are processing NWFS. the "NWC_VERIFY_KEY_WITHCONN" (0x1439EB) IOCTL request in SYS has the integer overflow vulnerability, which can be exploited to cause a buffer overflow and arbitrary code execution.
<* Source: anonymous
Link: http://secunia.com/advisories/53630/
Http://www.novell.com/support/kb/doc.php? Id = 7012497
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Novell
------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://www.novell.com/zh-cn/products/openenterpriseserver/features/clients.html