Novell NetWare Client nicm.sys Local Privilege Escalation Vulnerability
09 January 2008

iDefense has published an advisory for a vulnerability in the Novell NetWare Client which was discovered by Stephen Fewer of Harmony Security. It is a local privilege escalation vulnerability whereby an unprivileged user can execute malicious code in kernel mode by exploiting an insecure IOCTL in the NCIM device driver.

You can read the full iDefense advisory here:

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=637

Novel have issued a patch available here:

http://download.novell.com/Download?buildid=4FmI89wOmg4~

Labels:

Digg This Story Bookmark in del.icio.us Slashdot This!


Archives


Copyright © Harmony Security 2008