Novell Client 'NWFS.SYS' IOCTL Request Local Privilege Escalation Vulnerability
BID:30001
Info
Novell Client 'NWFS.SYS' IOCTL Request Local Privilege Escalation Vulnerability
| Bugtraq ID: | 30001 |
| Class: | Unknown |
| CVE: |
CVE-2008-3158 |
| Remote: | No |
| Local: | Yes |
| Published: | Jun 26 2008 12:00AM |
| Updated: | May 07 2015 05:27PM |
| Credit: | Rubén Santamarta |
| Vulnerable: |
Novell Client 4.91 SP4 |
| Not Vulnerable: | |
Discussion
Novell Client 'NWFS.SYS' IOCTL Request Local Privilege Escalation Vulnerability
Novell Client is prone a local privilege-escalation vulnerability.
An attacker can exploit this issue to execute arbitrary code with elevated privileges; this may aid in further attacks.
This issue affects Novell Client 4.91 SP4; other versions may also be affected.
Novell Client is prone a local privilege-escalation vulnerability.
An attacker can exploit this issue to execute arbitrary code with elevated privileges; this may aid in further attacks.
This issue affects Novell Client 4.91 SP4; other versions may also be affected.
Exploit / POC
Novell Client 'NWFS.SYS' IOCTL Request Local Privilege Escalation Vulnerability
The following exploit code is available:
The following exploit code is available:
Solution / Fix
Novell Client 'NWFS.SYS' IOCTL Request Local Privilege Escalation Vulnerability
Solution:
The vendor has released updates. Please see the references for more information.
Solution:
The vendor has released updates. Please see the references for more information.
References
Novell Client 'NWFS.SYS' IOCTL Request Local Privilege Escalation Vulnerability
References:
References:
- Novell Homepage (Novell)
- Novell Client 4.91 Post-SP4 NWFS.SYS 2 (Novell)