Lucene search
RootSSV:3277HistoryMay 12, 2008 - 12:00 a.m.
Novell Client for Windows口令重置本地栈溢出漏洞
2008-05-1200:00:00
Root
www.seebug.org
13
0.0004 Low
EPSS
Percentile
0.4%
BUGTRAQ ID: 29109
CVE(CAN) ID: CVE-2007-5762
Novell Client是允许NetWare连接到Windows的工作站软件。
Novell Client在处理用户名字段时存在栈溢出漏洞,如果用户在登录时提交了超长的用户名就可以触发这个溢出。
目前这个漏洞已经修复,将用户名字段限制为255个字符。但如果在登录时点击了“忘记口令”链接的话,就会弹出一个包含有所提供的用户名的窗口,这仍可触发栈溢出,导致蓝屏死机。
Novell Client <= 4.91 SP4
Novell
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
<a href=“http://support.novell.com/security-alerts” target=“_blank”>http://support.novell.com/security-alerts</a>
* 在启动机器时首先提示登录到Novell。
在用户名字段输入254个B ==> 点击登录 ==> 忘记口令 ==> B.S.O.D
如果工作站已经登录:
novell ==> 登录Novell ==> 254个A ==> 点击登录 ==> 忘记口令 ==> 以下结果:
Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=41414141 ebx=00000111 ecx=00000001 edx=00000000 esi=00997980 edi=00997980
eip=73d22054 esp=00dff278 ebp=00dff200 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010206
MFC42!Ordinal5163+0x492:
73d22054 8908 mov dword ptr [eax],ecx ds:0023:41414141=????????
Related
seebug
seebug
Novell Client 4.91 SP4 - Privilege Escalation Exploit
2014-07-01 00:00:00
Novell Client for Windows nicm.sys驱动本地权限提升漏洞
2008-01-11 00:00:00
cvelist
cvelist
CVE-2007-5762
2008-01-09 22:00:00
exploitpack
exploitpack
Novell Client 4.91 SP4 - Local Privilege Escalation
2012-05-22 00:00:00
nessus
nessus
Novell Client nicm.sys Local Privilege Escalation
2008-01-10 00:00:00
cve
cve
CVE-2007-5762
2008-01-09 22:46:00
packetstorm
packetstorm
Novell Client 4.91 SP3/4 Privilege Escalation
2012-05-23 00:00:00
prion
prion
Code injection
2008-01-09 22:46:00
securityvulns
securityvulns
exploitdb
exploitdb
Novell Client 4.91 SP4 - Local Privilege Escalation
2012-05-22 00:00:00