Environment
Novell Client for Windows 2000/XP/2003 4.91 Support Pack 2
Login
Novell Client for Windows 2000/XP/2003 4.91 Support Pack 3 Login
Novell Client for Windows 2000/XP/2003 4.91 Support Pack 3 Login
Situation
A format string vulnerability exists due to improper processing of format strings within NMAS
(Novell Modular Authentication Services) Information message window. An attacker who enters
special crafted format strings in the Username field at the Novell logon and selects Sequences
under the NMAS tab can read data from the winlogon process stack or read from arbitrary
memory, and at a minimum cause a denial of service.
Resolution
Fixed in updated LOGINW32.DLL dated 12Dec2006 or later.
Status
Security AlertAdditional Information
Vulnerability discovered by Deral Heiland of Layered Defense
Research, www.layereddefense.com.