Vulnerabilities > CVE-2007-0108 - Unspecified vulnerability in Novell Client 4.91
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
nwgina.dll in Novell Client 4.91 SP3 for Windows 2000/XP/2003 does not delete user profiles during a Terminal Service or Citrix session, which allows remote authenticated users to invoke alternate user profiles.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family | Windows |
NASL id | NOVELL_TID2974970.NASL |
description | The file |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 23978 |
published | 2007-01-06 |
reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/23978 |
title | Novell Client TS/Citrix Session Arbitrary User Profile Invocation |
References
- http://osvdb.org/31358
- http://secunia.com/advisories/23619
- http://securitytracker.com/id?1017471
- http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974970.htm
- http://www.securityfocus.com/bid/21886
- http://www.vupen.com/english/advisories/2007/0064
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31343