PT-2007-1593 · Microsoft+2 · Terminal Service+2

Publicado

2007-01-09

Atualizado

2017-07-29

CVE-2007-0108

CVSS v2.0

6.0

Média

Vetor

AV:N/AC:M/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Novell Client version 4.91 SP3

Description The issue concerns the nwgina.dll component in Novell Client, which fails to delete user profiles during a Terminal Service or Citrix session. This allows remote authenticated users to invoke alternate user profiles.

Recommendations For Novell Client version 4.91 SP3, consider disabling the nwgina.dll component as a temporary workaround until a patch is available. Restrict access to Terminal Service or Citrix sessions to minimize the risk of exploitation.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2007-0108

Produtos afetados

Citrix

Novell Client

Terminal Service

PT-2007-1593 · Microsoft+2 · Terminal Service+2

CVE-2007-0108

Identificadores relacionados

Produtos afetados

Referências · 8