Architectural and security problems with NWFILTER.SYS

This document (3260263) is provided subject to the disclaimer at the end of this document.

Environment

Novell Client for Windows 2000/XP/2003 4.91 Support Pack 5
Novell Client for Windows 2000/XP/2003 4.91 Support Pack 4
Novell Client for Windows 2000/XP/2003 4.91 Support Pack 3
Novell Client for Windows 2000/XP/2003 4.91 Support Pack 2
Novell Client for Windows 2000/XP/2003 4.91 Support Pack 1a
Novell Client for Windows 2000/XP/2003 4.91 Support Pack 1

Situation

Local exploitation of an input validation vulnerability within NWFILTER.SYS could allow an unprivileged attacker to execute arbitrary code within the kernel. To exploit the vulnerability, an attacker would first need to log in and then be able to execute a specially crafted executable.

Resolution

This problem has been resolved in the Novell Client 4.91 SP5. Novell recommends you upgrade to the current version of the Novell Client for Windows XP/2003 to resolve this problem.
 
For pre-4.91 SP5 versions of the Novell Client for Windows XP/2003:
 
Download and install the patch file appropriate to your version of the Novell Client for Windows XP/2003.

Novell Client 4.91 SP4:
Title: Novell Client post-4.91 SP4 NWFILTER
Filename: 491psp4_nwfilter.zip
Readme: http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5006982.html

Novell Client 4.91 SP3:
Title: Novell Client post-4.91 SP3 NWFILTER
Filename: 491psp3_nwfilter.zip
Readme: http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5006862.html

Novell Client 4.91, 4.91 SP1, 4.91 SP1a and 4.91 SP2:
Title: Novell Client post-4.91, SP1, and SP2 NWFILTER
Filename: 491presp3_nwfilter.zip
Readme: http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5006983.html

Status

Security Alert

Additional Information

Architectural problems in the existing NWFILTER.SYS design have been the source of blue screen and functionality problems for some Novell Client users. Because a redesign of the NWFILTER.SYS driver is already required to address these problems, Novell has opted to remove the NWFILTER.SYS driver entirely rather than patch just the security issue within the existing design of the Novell Client 4.91 SP4.

The Novell Client 4.91 SP5 includes NWFILTER.SYS and the "UNC Path Filter" feature, with a fix for the security vulnerability cited in this Technical Information Document.

Security vulnerability:
CVE-2007-5667, found by Stephen Fewer of Harmony Security (www.harmonysecurity.com) working with the VeriSign iDefense VCP.

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID: 3260263
  • Creation Date: 13-FEB-08
  • Modified Date: 16-MAR-12
    • NovellClient
