CVE-2007-0108

Current Description

nwgina.dll in Novell Client 4.91 SP3 for Windows 2000/XP/2003 does not delete user profiles during a Terminal Service or Citrix session, which allows remote authenticated users to invoke alternate user profiles.

Basic Data

PublishedJanuary 09, 2007
Last ModifiedJuly 29, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:M/Au:S/C:P/I:P/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityMEDIUM
CVSS 2 - AuthenticationSINGLE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score6.0
SeverityMEDIUM
Exploitability Score6.8
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegetrue

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationNovellClient4.91sp3******

Vulnerable Software List

VendorProductVersions
Novell Client 4.91

References

NameSourceURLTags
31358http://osvdb.org/31358OSVDB
23619http://secunia.com/advisories/23619SECUNIAVendor Advisory
1017471http://securitytracker.com/id?1017471SECTRACK
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974970.htmhttp://support.novell.com/cgi-bin/search/searchtid.cgi?/2974970.htmCONFIRMVendor Advisory
21886http://www.securityfocus.com/bid/21886BID
ADV-2007-0064http://www.vupen.com/english/advisories/2007/0064VUPEN
novell-profile-security-bypass(31343)https://exchange.xforce.ibmcloud.com/vulnerabilities/31343XF