Novell Client post-4.91, SP1, and SP2 NWFILTER
This document (5006983) is provided subject to the disclaimer at the end of this document.
patches this patch supersedes
patches that supersede this patch
patch attributes
document
abstract
491presp3_nwfilter.zip is a patch file for the Novell Client v4.91, Novell Client v4.91 SP1 and Novell Client v4.91 SP2 for Windows 2000/XP/2003. It includes a fix for a potential security vulnerability in NWFILTER.SYS, found after the Client was released.
details
Overview:
Local exploitation of an input validation error vulnerability within NWFILTER.SYS could allow an unprivileged attacker to execute arbitrary code within the kernel. In order to exploit the vulnerability, an attacker would need to first log in and must then be able to execute a specially-crafted executable.
Architectural problems in the existing NWFILTER.SYS design have been the subject of blue screen and functionality problems for some Novell Client users. Because a redesign of the NWFILTER.SYS driver is already required to address these problems, Novell has opted to remove the NWFILTER.SYS driver entirely rather than patch just the security issue within the existing design. If and when an updated NWFILTER.SYS can be provided that has been redesigned to mitigate both the security issue and the pre-existing architectural problems, the UNC Path Filter functionality can be reinstated.
If the included _491presp3_nwfilter.inf and/or _491presp3_nwfilter.bat are used on a 4.91, 4.91 SP1 or 4.91 SP2 machine, the NWFILTER.SYS file is de-registered as a Windows driver and is deleted from SYSTEM32\NetWare.
System Requirements:
This patch is designed to update the Novell Client v4.91, Novell Client v4.91 SP1, and Novell Client v4.91 SP2 for Windows 2000/XP/2003. Be sure to install only on these versions of the client. For the Novell Client 4.91 SP3 or the Novell Client 4.91 SP4, please download the package appropriate to that version.
Installation:
1. Do ONE of the following:
a) Run the supplied .bat file.
b) Right-Click on the supplied .inf and click on INSTALL.
2. You will be prompted to reboot. This reboot is required to complete the installation.
Known Problems and Limitations:
While applying this patch removes the possibility of being affected by the security vulnerability, it also removes the functionality of NWFILTER.SYS. This could result in performance delays when an application needs to resolve a name in order to locate a network resource. See TID 10080741 for more information about NWFILTER.SYS.
Technical Support Information:
This patch fixes the following issue with the 4.91, 4.91 SP1, and 4.91 SP2 code:
1. Security vulnerability in NWFILTER.SYS. (Bug 329067)
security fixes
CVE-2007-5667, found by Stephen Fewer of Harmony Security (www.harmonysecurity.com) working with the VeriSign iDefense VCP.
file contents
Compressed File Name: 491presp3_nwfilter.zip
| Files Included | Size | Date |
|---|---|---|
| readme_5006983.html | N/A | 2008-05-14 16:25:44 |
disclaimer
The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.
Novell is a registered trademark of Novell, Inc. in the United States and other countries. SUSE is a registered trademark of SUSE Linux AG, a Novell business. *All third-party trademarks are the property of their respective owners.
© 2007 Novell, Inc. All Rights Reserved.