Novell iPrint Client < 5.64 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 5942

Synopsis

The remote host contains an application that is vulnerable to multiple attack vectors.

Description

Versions of Novell iPrint Client earlier than 5.64 are potentially affected by multiple vulnerabilities :

- The nipplib.dll component, as used by both types of browser plugins, does not properly handle the uri parameter from the user specified printer-url before passing it to a fixed-length buffer on the heap. (ZDI-11-172 / CVE-2011-1699)

- The nipplib.dll component, as used by both types of browser plugins, does not properly handle the profile time parameter from the user specified printer-url before passing it to a fixed-length buffer on the heap. (ZDI-11-173 / CVE-2011-1700)

- The nipplib.dll component, as used by both types of browser plugins, does not properly handle the profile-name parameter from the user specified printer url before passing it to a fixed-length buffer on the heap. (ZDI-11-174 / CVE-2011-1701)

- The nipplib.dll component, as used by both types of browser plugins, does not properly handle the file-date-time parameter from the user specified printer-url before passing it to a fixed-length buffer on the heap. (ZDI-11-175 / CVE-2011-1702)

- The nipplib.dll component, as used by both types of browser plugins, does not properly handle the driver version parameter from the user-specified printer-url before passing it to a fixed-length buffer on the heap. (ZDI-11-176 / CVE-2011-1703)

- The nipplib.dll component, as used by both types of browser plugins, does not properly handle the core-package parameter from the user specified printer-url before passing it to a fixed-length buffer on the heap. (ZDI-11-177 / CVE_2011-1704)

- The nipplib.dll component, as used by both types of browser plugins, does not properly handle the client-file-name parameter from the user specified printer-url before passing it to a fixed-length buffer on the heap. (ZDI-11-178 / CVE-2011-1705)

- The nipplib.dll component, as used by both types of browser plugins, does not properly handle the iprint-client-config-info parameter form the user specified printer-url before passing it to a fixed-length buffer on the heap. (ZDI-11-179 / CVE-2011-1706)

- The nipplib.dll component, as used by both types of browser plugins, does not properly handle the op-printer-list-all-jobs parameter from the user specified printer-url before passing it to a fixed-length buffer on the heap. (ZDI-11-180 / CVE-2011-1708)

- The nipplib.dll component, as used by both types of browser plugins, does not properly handle the op-printer-list-all-jobs parameter from the user specified printer-url before passing it to a fixed-length buffer on the heap. (ZDI-11-181 / CVE-2011-1707)

Solution

Upgrade to Novell iPrint Client 5.64 or later.

Plugin Details

Severity: High

ID: 5942

Family: Web Clients

Published: 6/7/2011

Updated: 3/6/2019

Nessus ID: 54988

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:novell:iprint

Patch Publication Date: 6/6/2011

Vulnerability Publication Date: 6/6/2011

Reference Information

CVE: CVE-2011-1699, CVE-2011-1700, CVE-2011-1701, CVE-2011-1702, CVE-2011-1703, CVE-2011-1704, CVE-2011-1705, CVE-2011-1706, CVE-2011-1707, CVE-2011-1708

BID: 48124

Detections

Analytics