Novell NetWare Client Print Provider (nwspool.dll) Multiple Function Overflow

high Nessus Plugin ID 23699

Synopsis

The remote Windows host contains a DLL that suffers from a buffer overflow flaw.

Description

The file 'nwspool.dll' included with the Novell Client software reportedly contains a buffer overflow that can be triggered by long arguments to the Win32 'EnumPrinters()' and 'OpenPrinter()' functions.
An anonymous remote attacker may be able to leverage this issue via RPC requests to the Spooler service to execute arbitrary code remotely on the affected host.

Solution

Install the 491psp3_nwspool.exe patch file referenced in the vendor advisory above.

See Also

https://www.zerodayinitiative.com/advisories/ZDI-06-043/

https://www.securityfocus.com/archive/1/archive/1/453012/100/0/threaded

https://support.microfocus.com/kb/doc.php?id=3125538

Plugin Details

Severity: High

ID: 23699

File Name: novell_tid2974765.nasl

Version: 1.19

Type: local

Agent: windows

Family: Windows

Published: 11/21/2006

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.0

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/13/2006

Vulnerability Publication Date: 11/20/2006

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2006-5854

BID: 21220