Novell client firewall (NCF) 2.x exploited to gain escalated privileges

  • 3762108
  • 11-Jan-2007
  • 26-Apr-2012

Environment


Novell BorderManager 3.7
Novell BorderManager 3.8
Novell BorderManager Client Firewall 2.0

Situation

A vulnerability has been discovered in Novell Client Firewall, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused by the application's windows running with SYSTEM privileges without properly restricting users from running arbitrary programs. This can be exploited to execute arbitrary commands with SYSTEM privileges, e.g. by crafting a batch file that executes cmd.exe and then moving another file over this file inside Explorer via the "Save Configuration As..." functionality or similar.

The vulnerability has been confirmed in version 2.0 Build 0727. Other versions may also be affected.

Resolution

This issue will not be fixed in Novell Client Firewall. The reported security vulnerability is fixed only in Agnitum's Outpost 4.0 product, and no updates from Agnitum are available for Novell Client Firewall.

As a workaround:

- Grant only trusted users access to affected systems.
- Disable the copy and paste feature of Windows. To do this, follow the TID from Microsoft at http://support.microsoft.com/kb/888534 (Disable the Drag and drop or copy and paste files option in the Internet ...).
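
To confirm the second workaround has been applied on a workstation, the following PowerShell audit lists the state of the "Drag and drop or copy and paste files" option in every security zone. It is an added example, not code from Novell, Agnitum or Microsoft. It assumes that the option named in the Microsoft article is stored as URL action 1802 under the Internet Settings zone keys (0 = enabled, 1 = prompt, 3 = disabled); the function name Get-DragDropZoneSetting is hypothetical.

```powershell
# Added example: audit URL action 1802 ("Drag and drop or copy and paste files")
# in each Internet Settings security zone, for policy and preference hives.
# Assumption: the option in KB 888534 corresponds to this URL action.
$zoneNames  = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'
                 3 = 'Internet';    4 = 'Restricted sites' }
$stateNames = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }

# Every location where the value can be set. The script reports each one
# separately and does not try to compute which location wins.
$roots = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
)

function Get-DragDropZoneSetting {
    foreach ($root in $roots) {
        foreach ($zone in 0..4) {
            $key  = Join-Path $root "$zone"
            $prop = Get-ItemProperty -Path $key -Name '1802' -ErrorAction SilentlyContinue
            if ($null -eq $prop) {
                # Key or value absent: the Windows default for the zone applies.
                $value = $null
                $state = 'NotSet'
            } else {
                $value = [int]$prop.'1802'
                $state = if ($stateNames.ContainsKey($value)) { $stateNames[$value] } else { 'Other' }
            }
            [pscustomobject]@{
                Path     = $key
                Zone     = $zoneNames[$zone]
                Value    = $value
                State    = $state
                Disabled = ($value -eq 3)   # True only when explicitly disabled
            }
        }
    }
}

# Show every location; rows with Disabled = False still permit the operation
# (or fall back to the default) and need review on systems running NCF 2.x.
Get-DragDropZoneSetting | Format-Table -AutoSize
```

Run it in the session of each user who can log on to an affected system, because the HKCU rows reflect only the current user's settings.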

Status

Security Alert

Additional Information

Provided and/or discovered by:
Reported by H. Wiedemann in Outpost Firewall, which Novell Client Firewall is based on.