Novell client firewall (NCF) 2.x exploited to gain escalated privileges

  • 3762108
  • 11-Jan-2007
  • 26-Apr-2012

Environment


Novell BorderManager 3.7
Novell BorderManager 3.8
Novell BorderManager Client Firewall 2.0

Situation

A vulnerability has been discovered in Novell Client Firewall, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused due to the application windows running with SYSTEM privileges and not properly restricting users from running arbitrary programs. This can be exploited to execute arbitrary commands with SYSTEM privileges by e.g. crafting a batch file executing cmd.exe and then move another file over this file inside Explorer via the "Save Configuration As..." functionality or similar.

The vulnerability has been confirmed in version 2.0 Build 0727. Other versions may also be affected.

Resolution

This issue will not be fixed with Novell Client Firewall. The security vulnerability reported is only fixed in Agnitums OutPost 4.0 product, and no updates from Agnitum are available for Novell Client Firewall.

As a workaround:

- Grant only trusted users access to affected systems.
- disable copy and paste feature of Windows. To do this, follow the TID from Microsoft at http://support.microsoft.com/kb/888534 (Disable the Drag and drop or copy and paste files option in the Internet ...).

Status

Security Alert

Additional Information

Provided and/or discovered by:
Reported by H. Wiedemann in Outpost Firewall, which Novell Client Firewall is based on.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.