Local Privilege Escalation in Novell Client for Windows
CVE-2007-5667

Currently unrated

Key Information:

Vendor: Novell
Status: Client
Vendor: CVE Published:; 14 November 2007

Summary

The NWFILTER.SYS component in Novell Client versions 4.91 SP 1 to SP 4 for Windows 2000, Windows XP, and Windows Server 2003 presents a security vulnerability by allowing arbitrary user-mode input through METHOD_NEITHER IOCTLs. This exploitation permits local users to escalate privileges by inputting a kernel address and modifying critical kernel memory locations. As a result, unauthorized users may gain elevated permissions that could lead to further compromise of system integrity.

References

http://secunia.com/advisories/27678

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/38434

vdb-entryx_refsource_XF

http://www.securitytracker.com/id?1018943

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Nov 14, 2007
Vulnerability Reserved
Oct 23, 2007