TITLE:
Novell Client Clipboard Content Handling Weakness

SECUNIA ADVISORY ID:
SA20194

VERIFY ADVISORY:
http://secunia.com/advisories/20194/

CRITICAL:
Not critical

IMPACT:
Manipulation of data, Exposure of sensitive information

WHERE:
Local system

SOFTWARE:
Novell Client for Windows NT/2000/XP
http://secunia.com/product/1516/

DESCRIPTION:
Eitan Caspi has reported a weakness in Novell Client, which can be
exploited by malicious people to disclose potentially sensitive
information and to manipulate certain information.

The weakness is cause due to the Login dialog box of the Novell
client failing to restrict access to the contents of the clipboard
when the system is "locked". This can be exploited to disclose the
text contents of the current user's clipboard by pasting it into the
"User Name" field, or to change the clipboard's content by performing
a copy from the "User Name" field.

Successful exploitation requires access to the affected system.

The weakness has been reported in Novell Client for Windows versions
4.8 and 4.9. Other versions may also be affected.

SOLUTION:
Restrict physical access to affected systems.

PROVIDED AND/OR DISCOVERED BY:
Eitan Caspi

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------