String format vulnerability at client login prompt

  • 3546910
  • 12-Dec-2006
  • 26-Apr-2012

Environment

Novell Client for Windows 2000/XP/2003 4.91 Support Pack 2 Login
Novell Client for Windows 2000/XP/2003 4.91 Support Pack 3 Login

Situation

A format string vulnerability exists due to improper processing of format strings within the NMAS
(Novell Modular Authentication Services) Information message window. An attacker who enters
specially crafted format strings in the Username field at the Novell logon and selects Sequences
under the NMAS tab can read data from the winlogon process stack or read from arbitrary
memory, and at a minimum cause a denial of service.
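
The bug class described above, as an added illustration in C (not Novell's code and not taken from LOGINW32.DLL): it shows the hardened pattern, where untrusted input is only ever an argument to a constant format string, plus a check that flags format directives in a submitted username. The function names, message text and sample usernames are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* VULNERABLE pattern, shown only as a comment so it is never compiled:
 *     snprintf(out, outlen, username);
 * The untrusted username is the format string, so any conversion
 * specifier it contains is interpreted by the formatter.
 */

/* Hardened pattern: constant format string, input passed only as an
 * argument. The message text is constructed for this example.
 * Returns 0 on success, -1 on formatting error or truncation. */
int build_info_message(char *out, size_t outlen, const char *username)
{
    int n = snprintf(out, outlen, "Login sequences for user: %s", username);
    return (n >= 0 && (size_t)n < outlen) ? 0 : -1;
}

/* Count '%' directives in untrusted input so a login front end can log
 * or reject them. "%%" is a literal percent sign and is not counted. */
int count_format_directives(const char *s)
{
    int count = 0;
    for (size_t i = 0; s[i] != '\0'; i++) {
        if (s[i] != '%')
            continue;
        if (s[i + 1] == '%') {
            i++;            /* skip the escaped percent */
            continue;
        }
        count++;
    }
    return count;
}

int main(void)
{
    /* Constructed sample usernames. */
    const char *samples[] = { "jsmith", "%x.%x.%s", "100%%" };
    char msg[128];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (build_info_message(msg, sizeof msg, samples[i]) == 0)
            printf("%-10s directives=%d -> %s\n", samples[i],
                   count_format_directives(samples[i]), msg);
    }
    return 0;
}
```

With the constant format string, a username containing directives is displayed verbatim instead of being interpreted.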

Resolution

Fixed in updated LOGINW32.DLL dated 12Dec2006 or later.

Status

Security Alert

Additional Information

Vulnerability discovered by Deral Heiland of Layered Defense Research, www.layereddefense.com.