Novell Client TS/Citrix Session Arbitrary User Profile Invocation
Medium Nessus Plugin ID 23978
Synopsis
The remote Windows host contains a DLL that is affected by an unauthorized access vulnerability.

Description
The file 'nwgina.dll' included with the Novell Client software reportedly fails to delete user profiles when in a Terminal Server / Citrix session. A local user may be able to leverage this issue to invoke other user profiles on the affected host.

Solution
Install the 491psp3_nwgina.exe patch file referenced in the vendor advisory above.