Architectural and security problems with NWFILTER.SYS

This document (3260263) is provided subject to the disclaimer at the end of this document.

Environment

Novell Client for Windows 2000/XP/2003 4.91 Support Pack 5
Novell Client for Windows 2000/XP/2003 4.91 Support Pack 4
Novell Client for Windows 2000/XP/2003 4.91 Support Pack 3
Novell Client for Windows 2000/XP/2003 4.91 Support Pack 2
Novell Client for Windows 2000/XP/2003 4.91 Support Pack 1a
Novell Client for Windows 2000/XP/2003 4.91 Support Pack 1

Situation

Local exploitation of an input validation error vulnerability within NWFILTER.SYS could allow an unprivileged attacker to execute arbitrary code within the kernel. In order to exploit the vulnerability, an attacker would need to first log in and must then be able to execute a specially-crafted executable.

Resolution

Download and install the patch file appropriate to your version of the Novell Client for Windows XP/2003 from download.novell.com.

Novell Client 4.91 SP4:
Title: Novell Client post-4.91 SP4 NWFILTER
Filename: 491psp4_nwfilter.zip
Readme: http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5006982.html

Novell Client 4.91 SP3:
Title: Novell Client post-4.91 SP3 NWFILTER
Filename: 491psp3_nwfilter.zip
Readme: http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5006862.html

Novell Client 4.91, 4.91 SP1, 4.91 SP1a and 4.91 SP2:
Title: Novell Client post-4.91, SP1, and SP2 NWFILTER
Filename: 491presp3_nwfilter.zip
Readme: http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5006983.html

Status

Security Alert

Additional Information

Architectural problems in the existing NWFILTER.SYS design have been the subject of blue screen and functionality problems for some Novell Client users. Because a redesign of the NWFILTER.SYS driver is already required to address these problems, Novell has opted to remove the NWFILTER.SYS driver entirely rather than patch just the security issue within the existing design of the Novell Client 4.91 SP4.

The Novell Client 4.91 SP5 includes NWFILTER.SYS and the "UNC Path Filter" feature, including a fix for the security vulnerability cited in this Technical Information Document.

Security vulnerability:
CVE-2007-5667, found by Stephen Fewer of Harmony Security (www.harmonysecurity.com) working with the VeriSign iDefense VCP.

Document

Document ID:	3260263
Creation Date:	02-13-2008
Modified Date:	12-24-2008
Novell Product:	Novell Client

Disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.