Blog

Thursday 10 January 2008 - Novell NetWare Client nicm.sys Local Privilege Escalation Vulnerability

By Stephen Fewer

iDefense has published an advisory for a vulnerability in the Novell NetWare Client which was discovered by Stephen Fewer of Harmony Security. It is a local privilege escalation vulnerability whereby an unprivileged user can execute malicious code in kernel mode by exploiting an insecure IOCTL in the NCIM device driver.

You can read the full iDefense advisory here:

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=637

Novel have issued a patch available here:

http://download.novell.com/Download?buildid=4FmI89wOmg4~

Labels:

 

 

Bookmark and Share