Security Vulnerability - May 2013 Novell Client for Windows Zero Day disclosures

  • 7012497
  • 28-May-2013
  • 10-Jun-2013

Environment

Novell Client for Windows

Situation

Two "Zero Day" disclosures were posted on May 10th and May 22nd, 2013:

1. The NICM.SYS kernel driver installed by Novell Client for Windows on the Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows Vista and Windows Server 2008 platforms contains a hijack of execution vulnerability in the handling of IOCTL 0x143B6B.  Exploitation of this issue allows an attacker to execute arbitrary code within a kernel execution context.  An attacker would need local access to a vulnerable computer to exploit this vulnerability.
 
Original disclosure and details.
 
This issue is also present in the Novell Client for Windows XP/2003, although there are additional factors which significantly mitigate and block the ability to successfully exploit the issue as compared to the Windows 7 platforms.
 

2. The NWFS.SYS kernel driver installed by Novell Client for Windows XP/2003 contains an integer overflow vulnerability in the handling of IOCTL 0x1439EB and other IOCTLs.  Exploitation of this issue potentially allows an attacker to execute arbitrary code within the kernel, if they also mount a successful kernel pool attack against Windows itself.  An attacker would need local access to a vulnerable computer to exploit this vulnerability.
 
Original disclosure and details.
 
This issue is also present in the NCPL.SYS kernel driver installed by Novell Client for Windows on the Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows Vista and Windows Server 2008 platforms.
 

All versions of the Novell Client for Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows Vista and Windows Server 2008 are affected up to and including Novell Client 2 SP3 for Windows (IR1a) and Novell Client 2 SP2 (IR6).
 
All versions of the Novell Client for Windows XP/2003 are affected, up to and including the Novell Client 4.91 SP5 for Windows XP/2003 (IR1) with or without the "Novell Client 4.91 Post-SP5 (IR1) NWFS.SYS 3" update installed.

Resolution

For Novell Client 2 SP3 for Windows 7, Windows 8, Windows 2008 R2, and Windows 2012, the fix is located in the Novell Client 2 SP3 for Windows (IR2).

For Novell Client 2 SP2 for Windows Vista and Windows 2008, the fix is located in the Novell Client 2 SP2 for Windows (IR6a).

For Novell Client 4.91 SP5 for Windows XP/2003, the fix is located in Novell Client 4.91 Post-SP5 (IR1) NWFS.SYS 5.

Status

Security Alert

Additional Information

Windows XP/2003: CVE-2013-3697

Windows 7 and Windows 8: CVE-2013-3956