30 July 2007, 14:55
Novell patches security vulnerability in NetWare Client for Windows
Novell has released an update for its NetWare Client, which fixes a critical vulnerability. A buffer overflow can be triggered remotely in the NWSPOOL.DLL file, allowing code to be injected and executed with system privileges. Novell Client v4.91 SP4 for Windows 2000/XP/2003 is affected. Novell do not provide any further details.
ZDI, which discovered the vulnerability, is still listing this bug in its upcoming advisory list under ZDI-CAN-146. According to this list, Novell has taken 173 days to fix the bug.
- Novell Client 4.91 Post-SP4 NWSPOOL.DLL, security advisory from Novell
(mba)
Print Version | Send by email
| Permalink: http://h-online.com/-733354
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
