fkie_cve-2007-5667
Vulnerability from fkie_nvd
Published
2007-11-14 01:46
Modified
2025-04-09 00:30
Severity ?
Summary
NWFILTER.SYS in Novell Client 4.91 SP 1 through SP 4 for Windows 2000, XP, and Server 2003 makes the \.\nwfilter device available for arbitrary user-mode input via METHOD_NEITHER IOCTLs, which allows local users to gain privileges by passing a kernel address as an argument and overwriting kernel memory locations.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_2000 | * | |
| microsoft | windows_2000 | * | |
| microsoft | windows_2000 | * | |
| microsoft | windows_2000 | * | |
| microsoft | windows_2000 | * | |
| microsoft | windows_2000 | - | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | - | |
| microsoft | windows_server_2003 | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | - | |
| novell | client | 4.91 | |
| novell | client | 4.91 | |
| novell | client | 4.91 | |
| novell | client | 4.91 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:adv_srv:*:*:*:*:*",
"matchCriteriaId": "4A894A39-8BB4-4923-B4CD-1CB93703B428",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:datacenter_srv:*:*:*:*:*",
"matchCriteriaId": "C3822450-7A42-45DD-A172-E964409C5BB7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:pro:*:*:*:*:*",
"matchCriteriaId": "26CF0F23-E9B6-415F-868A-C883EF11F389",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:srv:*:*:*:*:*",
"matchCriteriaId": "09C3156A-9DCF-4217-A5AC-9D3A5654CAC1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:srv:ja:*:*:*:*",
"matchCriteriaId": "64546AE1-1691-4BAF-B2C9-6698F3FFDF87",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "685F1981-EA61-4A00-89F8-A748A88962F8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:itanium:*:*:*:*:*",
"matchCriteriaId": "580632FB-7EB8-4DC6-A372-742D4523BF79",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:std:*:*:*:*:*",
"matchCriteriaId": "9562EC45-0F28-4E4D-AA16-7E34241F26B5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:wed:*:*:*:*:*",
"matchCriteriaId": "1DA5F012-9457-4562-B50C-2C674008B494",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*",
"matchCriteriaId": "CD264C73-360E-414D-BE22-192F92E5A0A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:x64-std:*:*:*:*:*",
"matchCriteriaId": "4EF7C885-1142-477C-9AA2-5068EB9EFE82",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:xp-64bit:*:*:*:*:*",
"matchCriteriaId": "5B5D0781-714B-4BE8-B74A-3A2CBC58F604",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EAA86830-BEA8-4943-83EA-C267FA534223",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31A64C69-D182-4BEC-BA8A-7B405F5B2FC0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:64bit:*:*:*:*:*",
"matchCriteriaId": "40DCD873-93E3-403A-8446-65F7E1B4FAD8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:embedded:*:*:*:*:*",
"matchCriteriaId": "B95B2BE4-B4E0-4B77-9999-53B9224F5CB1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:ibm_oem:*:*:*:*:*",
"matchCriteriaId": "81A690FA-1808-4E4F-8CBC-75FB5358D439",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*",
"matchCriteriaId": "403945FA-8676-4D98-B903-48452B46F48F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:pro:*:*:*:*:*",
"matchCriteriaId": "19DA594E-B495-4C5D-BC94-79582D3983C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:tablet_pc:*:*:*:*:*",
"matchCriteriaId": "E4707F3F-F79E-4085-A81B-569204B7B1DB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:x64:*:*:*:*:*",
"matchCriteriaId": "ACF75FC8-095A-4EEA-9A41-C27CFF3953FB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B47EBFCC-1828-45AB-BC6D-FB980929A81A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:client:4.91:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E98A16C1-2026-4C53-B22E-51F07028DCB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:client:4.91:sp2:*:*:*:*:*:*",
"matchCriteriaId": "78A17422-1FFE-4942-A6F1-01F99E4D42F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:client:4.91:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F0CBDEB2-98CF-4C6A-A45A-F5B61803E449",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:client:4.91:sp4:*:*:*:*:*:*",
"matchCriteriaId": "EDDFB0E9-EF4C-4E9E-9369-453AF2A8481F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NWFILTER.SYS in Novell Client 4.91 SP 1 through SP 4 for Windows 2000, XP, and Server 2003 makes the \\.\\nwfilter device available for arbitrary user-mode input via METHOD_NEITHER IOCTLs, which allows local users to gain privileges by passing a kernel address as an argument and overwriting kernel memory locations."
},
{
"lang": "es",
"value": "NWFILTER.SYS en Novell Client 4.91 SP 1 hasta el SP 4 para Windows 2000, XP, y Server 2003 toma el dispositivo disponible \\.\\nwfilter para entradas METHOD_NEITHER IOCTLs en modo usuario de su elecci\u00f3n, lo cual permite a usuarios locales ganar privilegios pasando la direcci\u00f3n del n\u00facleo como un argumento y sobrescribiendo localizaciones de la memoria del n\u00facleo."
}
],
"id": "CVE-2007-5667",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-11-14T01:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=626"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/40867"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27678"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/26420"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018943"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/3846"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38434"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://secure-support.novell.com/KanisaPlatform/Publishing/98/3260263_f.SAL_Public.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=626"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/40867"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27678"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/26420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018943"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/3846"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38434"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://secure-support.novell.com/KanisaPlatform/Publishing/98/3260263_f.SAL_Public.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…