Novell iPrint Client < 5.44 Multiple Vulnerabilities

high Nessus Plugin ID 48407

Language:

Synopsis

The remote host contains an application that is affected by multiple vulnerabilities.

Description

Novell iPrint Client version older than 5.44 is installed on the remote host. Such versions are reportedly affected by multiple remote code execution vulnerabilities:

- A buffer overflow was discovered in how iPrint client handles the 'call-back-url' parameter value for a 'op-client-interface-version' operation where the 'result-type' parameter is set to 'url'.

- An uninitialized pointer vulnerability in ienipp.ocx was discovered and allows an attacker to exploit an issue where the uninitialized pointer is called and the process jumps to an address space controllable by the attacker.

Solution

Upgrade to Novell iPrint Client 5.44 or later.

Note that there is no fix available for Novell iPrint Client 4.x branch so users should consider upgrading to 5.44 or later.

See Also

http://dvlabs.tippingpoint.com/advisory/TPTI-10-08

https://secuniaresearch.flexerasoftware.com/secunia_research/2010-104/

http://download.novell.com/Download?buildid=H-2-uHNc5-A~

https://support.microfocus.com/kb/doc.php?id=7006679

Plugin Details

Severity: High

ID: 48407

File Name: novell_iprint_544.nasl

Version: 1.18

Type: local

Agent: windows

Family: Windows

Published: 8/23/2010

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:novell:iprint

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/19/2010

Vulnerability Publication Date: 8/19/2010

Exploitable With

CANVAS (White_Phosphorus)

Core Impact

Metasploit (Novell iPrint Client ActiveX Control call-back-url Buffer Overflow)

Reference Information

CVE: CVE-2010-1527, CVE-2010-3105

BID: 42576

Secunia: 40805