CVE-2013-3956

Name of the Vulnerable Software and Affected Versions Novell Client versions 4.91 SP5, 2 SP2, and 2 SP3

Description The issue allows local users to gain privileges via a crafted 0x143B6B IOCTL call to the NICM.SYS kernel driver.

Recommendations For Novell Client version 4.91 SP5, consider restricting access to the NICM.SYS kernel driver until a patch is available. For Novell Client version 2 SP2, avoid using the 0x143B6B IOCTL call in the affected kernel driver until the issue is resolved. For Novell Client version 2 SP3, restrict access to the vulnerable NICM.SYS kernel driver to minimize the risk of exploitation.