Thursday, 10 January 2008

Novell NetWare Client nicm.sys Local Privilege Escalation Vulnerability

iDefense has published an advisory for a vulnerability in the Novell NetWare Client which was discovered by Stephen Fewer of Harmony Security. It is a local privilege escalation vulnerability whereby an unprivileged user can execute malicious code in kernel mode by exploiting an insecure IOCTL in the NCIM device driver.

You can read the full iDefense advisory here:

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=637

Novel have issued a patch available here:

http://download.novell.com/Download?buildid=4FmI89wOmg4~

Motorola netOctopus Agent MSR Write Privilege Escalation Vulnerability

iDefense has published an advisory for a vulnerability in the Motorola netOctopus Agent which was discovered by Stephen Fewer of Harmony Security. It is a local privilege escalation vulnerability whereby an unprivileged user can reliably execute malicious code in ring 0 by hijacking the SYSENTER_EIP_MSR via an improperly exposed interface in the NantSys device driver.

You can read the full iDefense advisory here:

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=636

You can read Motorola's fix for the issue here:
http://www.netopia.com/support/software/technotes/netoctopus/Removing_the_nantsys_Driver.pdf [PDF]

Novell ZENworks Endpoint Security Management Local Privilege Escalation Vulnerability

iDefense has published an advisory for a vulnerability in the Novell ZENworks Endpoint Security Management (ESM) Security Client which was discovered by Stephen Fewer of Harmony Security. It is a local privilege escalation vulnerability whereby an unprivileged user can trivially run executables with SYSTEM privileges.

You can read the full iDefense advisory here:

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=635