Показано с 1 по 1 из 1.

Novell Client for Windows Vulnerability

  1. #1
    Senior Member Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Аватар для Shu_b
    Регистрация
    02.11.2004
    Сообщений
    3,553
    Вес репутации
    1636

    Novell Client for Windows Vulnerability

    Novell Client Unspecified Buffer Overflow Vulnerability
    Secunia Advisory: SA23271 Release Date: 2006-12-07

    Critical: Moderately critical
    Impact: Unknown
    Where: From local network
    Solution Status: Vendor Workaround

    Software: Novell Client for Windows NT/2000/XP 4.x

    Description:

    A vulnerability with an unknown impact has been reported in Novell Client.

    The vulnerability is caused due to a boundary error in the NDPS Print Provider for Windows component (ndppnt.dll) and can be exploited to cause a buffer overflow.

    The vulnerability is reported in version 4.91. Other versions may also be affected.

    Solution: The vendor has issued a beta patch.
    Provided and/or discovered by: Reported by the vendor.
    Original Advisory: http://support.novell.com/docs/Readm...t/2974843.html



    Novell Client srvloc.sys Denial of Service Vulnerability
    Secunia Advisory: SA23244 Release Date: 2006-12-07

    Critical: Less critical
    Impact: DoS
    Where: From local network
    Solution Status: Vendor Patch

    Software: Novell Client for Windows NT/2000/XP 4.x

    Description:
    A vulnerability has been reported in Novell Client, which can be exploited by malicious people to cause a DoS (Denial of Service).

    The vulnerability is caused due to an unspecified error in SRVLOC.SYS. This can be exploited to crash the system by sending a specially crafted packet to port 427/TCP.

    The vulnerability is reported in version 4.91. Other versions may also be affected.

    Solution: Update to version 4.91 SP3.
    Provided and/or discovered by: The vendor credits Tyler Krpata.
    Original Advisory: https://secure-support.novell.com/Ka...AL_Public.html



    Novell ZENworks Patch Management SQL Injection Vulnerability
    Secunia Advisory: SA23243 Release Date: 2006-12-07

    Critical: Less critical
    Impact: Manipulation of data
    Where: From local network
    Solution Status: Vendor Patch

    Software:
    Novell ZENworks Patch Management 6.x

    Description:
    A vulnerability has been reported in Novell ZENWorks Patch Management, which can be exploited by malicious users to conduct SQL injection attacks.

    Input passed to the "agentid" and "pass" parameters in /dagent/downloadreport.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate an SQL query by injecting arbitrary SQL code.

    Solution: Update to version 6.3.2.700.
    Provided and/or discovered by: Reported by the vendor.
    Original Advisory: https://secure-support.novell.com/Ka...AL_Public.html

  2. Реклама
     

Похожие темы

  1. Переполнение буфера в Novell Client
    От ALEX(XX) в разделе Уязвимости
    Ответов: 0
    Последнее сообщение: 12.02.2008, 15:01
  2. Раскрытие данных в Novell Client для Windows
    От ALEX(XX) в разделе Уязвимости
    Ответов: 0
    Последнее сообщение: 05.02.2008, 20:49
  3. Повышение привилегий в Novell Client
    От ALEX(XX) в разделе Уязвимости
    Ответов: 0
    Последнее сообщение: 17.01.2008, 21:37
  4. Переполнение буфера в Novell Client
    От ALEX(XX) в разделе Уязвимости
    Ответов: 0
    Последнее сообщение: 31.08.2007, 09:23
  5. Novell Client NWSPOOL.DLL Unspecified Buffer Overflow Vulnerability
    От Shu_b в разделе Уязвимости
    Ответов: 0
    Последнее сообщение: 23.11.2006, 08:51

Свернуть/Развернуть Ваши права в разделе

  • Вы не можете создавать новые темы
  • Вы не можете отвечать в темах
  • Вы не можете прикреплять вложения
  • Вы не можете редактировать свои сообщения
  •  
Page generated in 0.01173 seconds with 18 queries