Vigil@nce: Novell Client, privilege elevation via NWFS.SYS
July 2008 by Vigil@nce
A local attacker can use the NWFS.SYS of Novell Client in order to
obtain privileges of system.
– Gravity: 2/4
– Consequences: administrator access/rights
– Provenance: user shell
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 30/06/2008
– Identifier: VIGILANCE-VUL-7920
IMPACTED PRODUCTS
Novell Client [confidential versions]
DESCRIPTION
The Novell client installs the NWFS.SYS (NetWare File System)
driver.
A local attacker can use a vulnerability of NWFS.SYS in order to
corrupt system memory. Technical details are unknown.
A local attacker can therefore obtain privileges of local
administrator.
CHARACTERISTICS
– Identifiers: VIGILANCE-VUL-7920
– Url: https://vigilance.aql.fr/tree/1/7920