Novell Client "User Name"字段 信息泄露漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1194851 漏洞类型 未知
发布时间 2006-05-25 更新时间 2006-05-25
CVE编号 CVE-2006-2612 CNNVD-ID CNNVD-200605-492
漏洞平台 N/A CVSS评分 2.1
|漏洞来源
https://www.securityfocus.com/bid/87564
https://cxsecurity.com/issue/WLB-2006050155
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200605-492
|漏洞详情
Windows上的NovellClient4.8和4.9在机器锁定时不限制对剪贴板内容的访问,可进行物理访问的用户可以通过将该内容粘贴到登录提示的"UserName"字段,来读取当前的剪贴板内容。
|漏洞EXP
> Suggested Risk Level: Low.
> 
> Type of Risk:  Information Leakage, Information Injection, Unauthorized
> Access.
> 
> Affected Software:  Novell Client for Windows, versions 4.9 and 4.8 (On
> windows XP Pro and Windows 2000 Workstation).
> This versions are the only one tested, thus other version may be vulnerable
> as well.
> 
> Local / Remote activation:  Local.
> 
> Summary: 
> 
> 1. Anyone with access to the computer's local operating system console, one
> using the Novell client login screen (when the console is locked), can view
> a textual content of the clipboard of the locally logged in user, by
> performing a paste command into the "user name" field of the login form.

We thank Eitan Caspi for his precise analysis of the problem and for 
thoroughly working with us on it. Specifically, we confirm the low 
severity rating of this information leakage, which is why we allow 
ourselves more time than usual to investigate an entirely satisfactory 
solution to the problem. If there will be an update for this issue, our 
customers and users will benefit from it through the regular channels. 
The publication of Eitan's findings is the correct next step - again, we 
thank him for his valuable work.

[...]

> Eitan Caspi
> Israel

Roman Drahtmller,
Novell/SUSE Security.
-- 
 -                                                                      -
| Roman Drahtmller   <draht (at) novell (dot) com [email concealed]> // "You don't need eyes to see, |
  Security Architect    Phone:          //             you need vision!"
| Novell - SUSE Linux   +49-911-740530 //           Maxi Jazz, Faithless |
 -                                                                      -
|受影响的产品
Novell Client 4.9 Windows Novell Client 4.8 Windows
|参考资料

来源:BUGTRAQ
名称:20060522Re:NovellClientloginformenablesreadingandwritingfromandtotheclipboardofthelogged-inuser
链接:http://www.securityfocus.com/archive/1/archive/1/434724/100/0/threaded
来源:BUGTRAQ
名称:20060521NovellClientloginformenablesreadingandwritingfromandtotheclipboardofthelogged-inuser
链接:http://www.securityfocus.com/archive/1/archive/1/434704/100/0/threaded
来源:SECUNIA
名称:20194
链接:http://secunia.com/advisories/20194
来源:XF
名称:novell-client-clipboard-leak(26595)
链接:http://xforce.iss.net/xforce/xfdb/26595
来源:OSVDB
名称:25760
链接:http://www.osvdb.org/25760
来源:SREASON
名称:961
链接:http://securityreason.com/securityalert/961