Format String Vulnerability in Novell Client 4.91 by Novell
CVE-2006-6306

Currently unrated

Key Information:

Vendor: Novell
Status: Client
Vendor: CVE Published:; 5 December 2006

Summary

The Novell Client 4.91 SP2 and SP3 versions are susceptible to a format string vulnerability found in the Novell Modular Authentication Services (NMAS). This flaw permits users with physical access to the system to exploit format string specifiers in the Username field during the logon process. As a result, an attacker can potentially read sensitive information stored in stack and memory contents, leading to unauthorized data disclosure.

References

http://securityreason.com/securityalert/1970

third-party-advisoryx_refsource_SREASON

http://securitytracker.com/id?1017377

vdb-entryx_refsource_SECTRACK

http://www.vupen.com/english/advisories/2006/4987

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability published
Dec 5, 2006
Vulnerability Reserved
Dec 5, 2006