Vulnerability Name:

CVE-2007-5762 (CCN-39576)

Assigned:2007-10-31
Published:2008-01-09
Updated:2017-07-29
Summary:NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, allows local users to execute arbitrary code by opening the \\.\nicm device and providing crafted kernel addresses via IOCTLs with the METHOD_NEITHER buffering mode.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.6 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.6 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-20
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2007-5762

Source: CCN
Type: Novell Web site
Novell Client 4.91 Post-SP3/4 NICM.SYS

Source: CONFIRM
Type: Patch
http://download.novell.com/Download?buildid=4FmI89wOmg4~

Source: IDEFENSE
Type: Patch
20080109 Novell NetWare Client nicm.sys Local Privilege Escalation Vulnerability

Source: CCN
Type: Packetstorm Security Website
Novell Client 4.91 SP3/4 Privilege Escalation

Source: CCN
Type: SA28396
Novell Client nicm.sys Privilege Escalation Vulnerability

Source: SECUNIA
Type: Vendor Advisory
28396

Source: CCN
Type: SECTRACK ID: 1019172
NetWare 'nicm.sys' Driver Lets Local Users Gain Kernel Level Privileges

Source: CCN
Type: OSVDB ID: 40871
Novell NetWare Client NICM.SYS Local Privilege Escalation

Source: BID
Type: Patch
27209

Source: CCN
Type: BID-27209
Novell Client for Windows 'nicm.sys 'Local Privilege Escalation Vulnerability

Source: CCN
Type: BID-29109
Novell Client for Windows Forgotten Password Local Privilege Escalation Vulnerability

Source: SECTRACK
Type: UNKNOWN
1019172

Source: VUPEN
Type: UNKNOWN
ADV-2008-0088

Source: XF
Type: UNKNOWN
novell-client-nicm-privilege-escalation(39576)

Source: XF
Type: UNKNOWN
novell-client-nicm-privilege-escalation(39576)

Source: CCN
Type: iDefense PUBLIC ADVISORY: 01.09.08
Novell NetWare Client nicm.sys Local Privilege Escalation Vulnerability

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [05-22-2012]

Vulnerable Configuration:Configuration 1:
  • cpe:/a:novell:netware_client:4.91:sp4:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:novell:netware_client:4.91:sp4:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    novell netware client 4.91 sp4
    novell netware client 4.91 sp4