Synopsis :

The remote host contains an application that is affected by multiple
vulnerabilities.

Description :

The version of Novell iPrint Client installed on the remote host is
earlier than 5.64. Such versions are reportedly affected by one or
more of the following vulnerabilities in the nipplib.dll component, as
used by both types of browser plugins, that can allow for arbitrary
code execution :

- The uri parameter from user specified printer-url is
not properly handled before passing it to a fixed-length
buffer on the heap. (ZDI-11-172 / CVE-2011-1699)

- The profile-time parameter from the user specified
printer-url is not properly handled before passing it to
a fixed-length buffer on the heap.
(ZDI-11-173 / CVE-2011-1700)

- The profile-name parameter from the user specified
printer-url is not properly handled before passing it to
a fixed-length buffer on the heap.
(ZDI-11-174 / CVE-2011-1701)

- The file-date-time parameter from the user specified
printer-url is not properly handled before passing it to
a fixed-length buffer on the heap.
(ZDI-11-175 / CVE-2011-1702)

- The driver-version parameter from the user specified
printer-url is not properly handled before passing it to
a fixed-length buffer on the heap.
(ZDI-11-176 / CVE-2011-1703)

- The core-package parameter from the user specified
printer-url is not properly handled before passing it to
a fixed-length buffer on the heap.
(ZDI-11-177 / CVE-2011-1704)

- The client-file-name parameter from the user specified
printer-url is not properly handled before passing it to
a fixed-length buffer on the heap.
(ZDI-11-178 / CVE-2011-1705)

- The iprint-client-config-info parameter from the user
specified printer-url is not properly handled before
passing it to a fixed-length buffer on the heap.
(ZDI-11-179 / CVE-2011-1706)

- The op-printer-list-all-jobs cookie parameter from the
user specified printer-url is not properly handled
before passing it to a fixed-length buffer on the heap.
(ZDI-11-180 / CVE-2011-1708)

- The op-printer-list-all-jobs url parameter from the user
specified printer-url is not properly handled before
passing it to a fixed-length buffer on the heap.
(ZDI-11-181 / CVE-2011-1707)

See also :

http://download.novell.com/Download?buildid=6_bNby38ERg~
http://www.zerodayinitiative.com/advisories/ZDI-11-172/
http://www.zerodayinitiative.com/advisories/ZDI-11-173/
http://www.zerodayinitiative.com/advisories/ZDI-11-174/
http://www.zerodayinitiative.com/advisories/ZDI-11-175/
http://www.zerodayinitiative.com/advisories/ZDI-11-176/
http://www.zerodayinitiative.com/advisories/ZDI-11-177/
http://www.zerodayinitiative.com/advisories/ZDI-11-178/
http://www.zerodayinitiative.com/advisories/ZDI-11-179/
http://www.zerodayinitiative.com/advisories/ZDI-11-180/
http://www.zerodayinitiative.com/advisories/ZDI-11-181/
http://www.securityfocus.com/archive/1/518266/30/0/threaded
http://www.securityfocus.com/archive/1/518267/30/0/threaded
http://www.securityfocus.com/archive/1/518269/30/0/threaded
http://www.securityfocus.com/archive/1/518270/30/0/threaded
http://www.securityfocus.com/archive/1/518271/30/0/threaded
http://www.securityfocus.com/archive/1/518268/30/0/threaded
http://www.securityfocus.com/archive/1/518272/30/0/threaded
http://www.securityfocus.com/archive/1/518273/30/0/threaded
http://www.securityfocus.com/archive/1/518274/30/0/threaded
http://www.securityfocus.com/archive/1/518275/30/0/threaded

Solution :

Upgrade to Novell iPrint Client 5.64 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false