Re: Novell Client login form enables reading and writing from and to the clipboard of the logged-in user

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Novell Client login form enables reading and writing from and to the clipboard of the logged-in user
From: Roman Drahtmueller <draht@xxxxxxxxxx>
Date: Mon, 22 May 2006 19:43:40 +0200 (CEST)
In-reply-to: <!&!AAAAAAAAAAAYAAAAAAAAAJz0KZpHP7wRvCX295XW5YHCgAAAEAAAALz7PLHU7AZKkLvErNKE6XgBAAAAAA==@xxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <!&!AAAAAAAAAAAYAAAAAAAAAJz0KZpHP7wRvCX295XW5YHCgAAAEAAAALz7PLHU7AZKkLvErNKE6XgBAAAAAA==@xxxxxxxxx>
Reply-to: Roman Drahtmueller <draht@xxxxxxxxxx>
Sender: draht@xxxxxxx

> Suggested Risk Level: Low.
> 
> Type of Risk:  Information Leakage, Information Injection, Unauthorized
> Access.
> 
> Affected Software:  Novell Client for Windows, versions 4.9 and 4.8 (On
> windows XP Pro and Windows 2000 Workstation).
> This versions are the only one tested, thus other version may be vulnerable
> as well.
> 
> Local / Remote activation:  Local.
> 
> Summary: 
> 
> 1. Anyone with access to the computer's local operating system console, one
> using the Novell client login screen (when the console is locked), can view
> a textual content of the clipboard of the locally logged in user, by
> performing a paste command into the "user name" field of the login form.


We thank Eitan Caspi for his precise analysis of the problem and for 
thoroughly working with us on it. Specifically, we confirm the low 
severity rating of this information leakage, which is why we allow 
ourselves more time than usual to investigate an entirely satisfactory 
solution to the problem. If there will be an update for this issue, our 
customers and users will benefit from it through the regular channels. 
The publication of Eitan's findings is the correct next step - again, we 
thank him for his valuable work.

[...]

> Eitan Caspi
> Israel

Roman Drahtmüller,
Novell/SUSE Security.
-- 
 -                                                                      -
| Roman Drahtmüller   <draht@xxxxxxxxxx> // "You don't need eyes to see, |
  Security Architect    Phone:          //             you need vision!"
| Novell - SUSE Linux   +49-911-740530 //           Maxi Jazz, Faithless |
 -                                                                      -

References:
- Novell Client login form enables reading and writing from and to the clipboard of the logged-in user
  - From: EitanCaspi@xxxxxxxxx

Prev by Date: Re: Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1
Next by Date: CANews Multiple Vulnerabilities
Previous by thread: Novell Client login form enables reading and writing from and to the clipboard of the logged-in user
Next by thread: Generic Browser Crash with Java 1.4.2_11, Java 1.5.0_06
Index(es):
- Date
- Thread