Profile Bypass Vulnerability in Novell Client for Windows
CVE-2007-0108

Currently unrated

Key Information:

Vendor: Novell
Status: Client
Vendor: CVE Published:; 9 January 2007

Summary

The nwgina.dll component of Novell Client 4.91 SP3 for Windows 2000, XP, and 2003 fails to securely delete user profiles during Terminal Service or Citrix sessions. This oversight allows remote authenticated users to access alternate user profiles, potentially exposing sensitive data and violating user data integrity. Users are advised to review their session security best practices and consider upgrading to secure versions to mitigate this risk.

References

http://www.vupen.com/english/advisories/2007/0064

vdb-entryx_refsource_VUPEN

http://securitytracker.com/id?1017471

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/21886

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Jan 9, 2007
Vulnerability Reserved
Jan 8, 2007