Is this really anything to be concerned about? This was forwarded to me
from one of our security people.

Type of Risk: Information Leakage, Information Injection, Unauthorized
Access.


Affected Software: Novell Client for Windows, versions 4.9 and 4.8 (on
Windows XP Pro and Windows 2000 Workstation).
These versions are the only ones tested, thus other versions may be
vulnerable as well.


Local / Remote activation: Local.


Summary:

1. Anyone with access to the computer's local operating system console,
one using the Novell client login screen (when the console is locked),
can view a textual content of the clipboard of the locally logged in
user, by performing a paste command into the "user name" field of the
login form.

2. Anyone with access to the computer's local operating system console,
one using the Novell client login screen (when the console is locked), can
inject its own textual content into the clipboard of the currently
logged-in user by adding, temporarily, a text string into the "user name"
field of the login form, and then copy it into the clipboard.
This can also be done if no user is yet logged-in to the computer (after
booting the computer or after a user logged off).
The text will remain in the clipboard after a user logged in, and if the
user will perform a paste command the content will be injected into the
user's console session.

Summary Notes:
1. One must remember that access to the console may be achieved not only
by a local presence of the attacker but also via a remote control
application, if one is installed on the computer.

2. I assume non-textual content is accessible as well, but due to the
nature of the relevant field in the login form only textual content can
be pasted into it.

Possible Abuses:
1. A local attacker can read the last textual information added to the
clipboard by the logged in user, without a need to authenticate.
2. A local attacker can damage the logged in user's data if a careless
user will paste the attacker's text into any application, and the user
will not review it before using it.
3. A local attacker can damage the logged in user's operating system or
applications if a careless user will paste the attacker's text as a
command, and the user will not review it before executing it.

Reproduction:
1. Clipboard read:
a. Log in to the operating system.
b. Open any text editor (or any textual field in the operating system or
application), and write a unique text.
c. Copy the text you just wrote (select it and press ctrl+c).
d. Lock the console by pressing ctrl+alt+del and clicking on the "lock
computer" button.
e. Press ctrl+alt+del to open the Novell login form.
f. Click in the "user name" field and if there is a text inside, delete it
or select all of it.
g. Press ctrl+v, and the text you copied before will appear in "user name"
field.

2. Clipboard write:
a. Log in to the operating system.
b. Lock the console by pressing ctrl+alt+del and clicking on the "lock
computer" button.
c. Press ctrl+alt+del to open the Novell login form.
d. Click in the "user name" field and if there is a text inside, delete it
or select all of it.
e. Write a unique text.
f. Copy the text you just wrote (select it and press ctrl+c).
g. Delete this unique text.
h. Perform a regular log in to the operating system.
i. Open any text editor (or any textual field in the operating system or
application), and press ctrl+v, and the text you copied before will
appear.

Steps "a" and "b" can be replaced by booting or restarting the operating
system and once the graphical interface has been displayed, proceed to
step c.