Credit:
The information has been provided by iDefense Labs Security Advisories.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=637
Vulnerable Systems:
* Novell's NetWare Client 4.91 SP4 with nicm.sys file version 3.0.0.4
When the Novell NetWare Client is installed on a Windows-based operating system, the driver nicm.sys will be loaded at system startup. This driver allows any user to open the device "\\.\nicm" and issue IOCTLs with a buffering mode of METHOD_NEITHER.
Due to insufficient input validation, user mode software can pass kernel addresses as arguments to the driver. By using specially constructed input, a malicious user can use functionality within the driver to patch kernel addresses and execute arbitrary code in kernel mode.
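As an added illustration (not code from the advisory or from Novell), the following user-mode C model decodes the buffering method from an IOCTL code and applies the address-range check a driver must perform itself on caller-supplied pointers under METHOD_NEITHER. The sample IOCTL values and the 0x7FFF0000 user-space limit (32-bit x86 Windows) are assumptions; the actual nicm.sys control codes are not given in the advisory.

```c
#include <stdint.h>
#include <stdio.h>

/* Windows IOCTL code layout (CTL_CODE): device type in bits 31-16,
   required access in 15-14, function in 13-2, buffering method in 1-0. */
#define METHOD_NEITHER   3u
/* Assumption: highest address a user buffer may reach on 32-bit x86 Windows. */
#define USER_PROBE_LIMIT 0x7FFF0000u

typedef struct { unsigned device, access, function, method; } ioctl_fields;

static ioctl_fields decode_ioctl(uint32_t code) {
    ioctl_fields f;
    f.device   = (code >> 16) & 0xFFFFu;
    f.access   = (code >> 14) & 0x3u;
    f.function = (code >> 2)  & 0xFFFu;
    f.method   = code & 0x3u;
    return f;
}

/* With METHOD_NEITHER the I/O manager hands the caller's raw pointers to the
   driver, so every pointer must be validated by the driver itself. */
static int needs_driver_side_probe(uint32_t code) {
    return decode_ioctl(code).method == METHOD_NEITHER;
}

/* Model of the range part of a probe: the whole buffer must sit below the
   user/kernel boundary and addr + len must not wrap. Alignment is not modeled. */
static int is_user_range(uint32_t addr, uint32_t len) {
    if (len == 0) return 1;              /* nothing will be dereferenced */
    uint32_t end = addr + len;           /* wraps modulo 2^32 on overflow */
    if (end < addr) return 0;            /* wrapped past the top of memory */
    return end <= USER_PROBE_LIMIT;
}

int main(void) {
    /* Constructed sample codes: device 0x22, function 0x800. */
    uint32_t codes[] = { 0x00222003u /* METHOD_NEITHER */, 0x00222000u /* METHOD_BUFFERED */ };
    /* Constructed pointers: one user-mode address, one kernel-mode address. */
    uint32_t ptrs[]  = { 0x00400000u, 0x80501000u };
    for (int i = 0; i < 2; i++)
        printf("ioctl 0x%08X: method=%u, driver must probe=%d\n", (unsigned)codes[i],
               decode_ioctl(codes[i]).method, needs_driver_side_probe(codes[i]));
    for (int i = 0; i < 2; i++)
        printf("ptr 0x%08X len 4: accepted=%d\n", (unsigned)ptrs[i], is_user_range(ptrs[i], 4));
    return 0;
}
```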
Analysis:
Exploitation of this vulnerability allows a local attacker to execute arbitrary code within the kernel. To exploit the vulnerability, the attacker must be able to execute a specially crafted executable on the targeted computer.
Vendor response:
Novell Inc. has addressed this vulnerability by releasing a patch for the NetWare Client SP4. For more information visit the following URL: http://download.novell.com/Download?buildid=4FmI89wOmg4~
CVE Information:
CVE-2007-5762
Disclosure Timeline:
10/30/2007 - Initial vendor notification
11/13/2007 - Initial vendor response
01/09/2008 - Coordinated public disclosure