TITLE: Novell Client Clipboard Content Handling Weakness SECUNIA ADVISORY ID: SA20194 VERIFY ADVISORY: http://secunia.com/advisories/20194/ CRITICAL: Not critical IMPACT: Manipulation of data, Exposure of sensitive information WHERE: Local system SOFTWARE: Novell Client for Windows NT/2000/XP http://secunia.com/product/1516/ DESCRIPTION: Eitan Caspi has reported a weakness in Novell Client, which can be exploited by malicious people to disclose potentially sensitive information and to manipulate certain information. The weakness is cause due to the Login dialog box of the Novell client failing to restrict access to the contents of the clipboard when the system is "locked". This can be exploited to disclose the text contents of the current user's clipboard by pasting it into the "User Name" field, or to change the clipboard's content by performing a copy from the "User Name" field. Successful exploitation requires access to the affected system. The weakness has been reported in Novell Client for Windows versions 4.8 and 4.9. Other versions may also be affected. SOLUTION: Restrict physical access to affected systems. PROVIDED AND/OR DISCOVERED BY: Eitan Caspi ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------