CVE-2006-6306

Name of the Vulnerable Software and Affected Versions Novell Client versions 4.91 SP2 through 4.91 SP3

Description A format string issue in the Novell Modular Authentication Services (NMAS) component allows users with physical access to read stack and memory contents. This is achieved by using format string specifiers in the Username field of the logon window.

Recommendations For Novell Client versions 4.91 SP2 and 4.91 SP3, consider restricting access to the logon window to minimize the risk of exploitation. Avoid using format string specifiers in the Username field until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.