Novell

This is Your Open EnterpriseTM

Novell Client post-4.91 SP4 NWFILTER

This document (5006982) is provided subject to the disclaimer at the end of this document.

patches this patch supersedes

This patch does not supersede any other patches.

patches that supersede this patch

This patch is not superseded by any other patches.

patch attributes

Security patch: Yes
Priority: Mandatory
Distribution Type: Public
http://download.novell.com/Download?buildid=VXY3WAWrOYY~

document

Revision: 7
Document ID: 5006982
Creation Date: 2007-11-09 17:22:11
Modified Date: 2008-05-14 16:25:23

abstract

491psp3_nwfilter.zip is a patch file for the Novell Client v4.91 SP4 for Windows XP/2003. It includes a fix for a potential security vulnerability in NWFILTER.SYS, found after the 4.91 SP4 client update was released.

details

Overview:
Local exploitation of an input validation error vulnerability within NWFILTER.SYS could allow an unprivileged attacker to execute arbitrary code within the kernel. In order to exploit the vulnerability, an attacker would need to first log in and must then be able to execute a specially-crafted executable.

Architectural problems in the existing NWFILTER.SYS design have been the subject of blue screen and functionality problems for some Novell Client users. Because a redesign of the NWFILTER.SYS driver is already required to address these problems, Novell has opted to remove the NWFILTER.SYS driver entirely rather than patch just the security issue within the existing design. If and when an updated NWFILTER.SYS can be provided that has been redesigned to mitigate both the security issue and the pre-existing architectural problems, the UNC Path Filter functionality can be reinstated.

This package covers three different approaches to disabling NWFILTER.SYS:

1. If the included _491psp4_nwfilter.inf and/or _491psp4_nwfilter.bat are used on a 4.91 SP4 machine, the NWFILTER.SYS file is de-registered as a Windows driver and is deleted from SYSTEM32\NetWare. Furthermore, an updated NWSETUP.DLL is installed, which no longer offers the "UNC Path Filter" setting.

2. If the package is overlaid on to a full 4.91 SP4 installation set, running SETUPSP.EXE to update a 4.91 - 4.91 SP3 machine will apply SP4 but will de-register NWFILTER.SYS as a Windows driver and delete NWFILTER.SYS from SYSTEM32\NetWare. Furthermore, an updated NWSETUP.DLL is installed, which no longer offers the "UNC Path Filter" setting.

3. If the package is overlaid on to a full 4.91 SP4 installation set, running SETUPNW.EXE to perform a clean installation or an upgrade of an existing 4.91 SP4 or earlier will not only omit installing NWFILTER, but will also de-register any existing NWFILTER.SYS instance and delete NWFILTER.SYS from SYSTEM32\NetWare. Furthermore, an updated NWSETUP.DLL is installed, and an updated NCIMAN.EXE is in the "admin" directory of the installation set, neither of which offers the "UNC Path Filter" setting.

System Requirements:
This patch is designed to update the Novell Client v4.91 SP4 for Windows XP/2003. Be sure to install only on this version of the client.

Installation:
1. Do ONE of the following:
a) Run the supplied .bat file.
b) Right-Click on the supplied .inf and click on INSTALL.
2. You will be prompted to reboot. This reboot is required to complete the installation.

The files in this package can also be overlaid on top of a Novell Client 4.91 SP4 installation as described in the "Overview" section, above. To update the installation set with the file in this patch set, copy the directory structure over the top of the i386 folder in your "Novell Client 4.91 SP4" installation.

Known Problems and Limitations:
While applying this patch removes the possibility of being affected by the security vulnerability, it also removes the functionality of NWFILTER.SYS. This could result in performance delays when an application needs to resolve a name in order to locate a network resource. See TID 10080741 for more information about NWFILTER.SYS.

Technical Support Information:
This patch fixes the following issue with the 4.91 SP4 code:

1. Security vulnerability in NWFILTER.SYS. (Bug 329067)

security fixes

CVE-2007-5667, found by Stephen Fewer of Harmony Security (www.harmonysecurity.com) working with the VeriSign iDefense VCP.

file contents

Compressed File Name: 491psp4_nwfilter.zip

Files IncludedSizeDate
readme_5006982.htmlN/A2008-05-14 16:25:24

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

Novell is a registered trademark of Novell, Inc. in the United States and other countries. SUSE is a registered trademark of SUSE Linux AG, a Novell business. *All third-party trademarks are the property of their respective owners.

© 2007 Novell, Inc. All Rights Reserved.