Novell patches security vulnerability in NetWare Client for Windows
Novell has released an update for its NetWare Client, which fixes a critical vulnerability. A buffer overflow can be triggered remotely in the NWSPOOL.DLL file, allowing code to be injected and executed with system privileges. Novell Client v4.91 SP4 for Windows 2000/XP/2003 is affected. Novell do not provide any further details.
ZDI, which discovered the vulnerability, is still listing this bug in its upcoming advisory list under ZDI-CAN-146. According to this list, Novell has taken 173 days to fix the bug.
- Novell Client 4.91 Post-SP4 NWSPOOL.DLL, security advisory from Novell