Detections
Analytics
Novell iPrint Client < 5.44 Multiple Vulnerabilities
medium Nessus Network Monitor Plugin ID 5648
Synopsis
The remote host contains an application that is vulnerable to multiple attack vectors.Description
Versions of Novell iPrint Client earlier than 5.44 are potentially affected by multiple vulnerabilities :- A buffer overflow was discovered in how iPrint client handles the 'call-back-url' parameter value for a 'op-client-interface-version' operation where the 'result-type' parameter is set to 'url'.
- An uninitialized pointer vulnerability in ienipp.ocx was discovered and allows an attacker to exploit an issue where the uninitialized pointer is called and the process jumps to an address space controllable by the attacker.
Solution
Upgrade to Novell iPrint Client 5.44 or later.See Also
http://dvlabs.tippingpoint.com/advisory/TPTI-10-08
http://secunia.com/secunia_research/2010-104
http://download.novell.com/Download?buildid=H-2-uHNc5-A~
http://www.novell.com/support/viewContent.do?externalId=7006679
Plugin Details
Severity: Medium
ID: 5648
Family: Web Clients
Published: 8/25/2010
Updated: 3/6/2019
Nessus ID: 48407
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5.6
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: Medium
Base Score: 5.6
Temporal Score: 5.2
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:novell:iprint
Patch Publication Date: 8/19/2010
Vulnerability Publication Date: 8/19/2010
Exploitable With
CANVAS (D2ExploitPack)
Metasploit (Novell iPrint Client ActiveX Control call-back-url Buffer Overflow)
Reference Information
CVE: CVE-2010-1527, CVE-2010-3105
BID: 42576