Novell Client 4.91存在格式串问题,此漏洞是由于不正确解析NMAS (Novell Modular Authentication Services)中的信息消息窗口的格式串造成的。
攻击者可以在Novell登录的用户名字段中输入格式串数据,在NMAS标签下选择"Sequences",可从winlogon进程堆栈中读取数据或从任意内存中读取数据。
也可以造成拒绝服务攻击。
Novell Client 4.91 SP3
Novell Client 4.91 SP2
- Microsoft Windows 2000 Professional SP4
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 95 SR2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home
- Microsoft Windows XP Professional SP1
- Microsoft Windows XP Professional
目前没有解决方案提供:
<a href="http://www.novell.com/" target="_blank">http://www.novell.com/</a>
京公网安备 11010502034610号
暂无评论