Novell NetWare Client Print Provider (nwspool.dll) Multiple Function Overflow

This script is Copyright (C) 2006-2015 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a DLL that suffers from a buffer
overflow flaw.

Description :

The file 'nwspool.dll' included with the Novell Client software
reportedly contains a buffer overflow that can be triggered by long
arguments to the Win32 'EnumPrinters()' and 'OpenPrinter()' functions.
An anonymous remote attacker may be able to leverage this issue via
RPC requests to the Spooler service to execute arbitrary code remotely
on the affected host.

See also :

http://www.zerodayinitiative.com/advisories/ZDI-06-043.html
http://www.securityfocus.com/archive/1/archive/1/453012/100/0/threaded
http://www.novell.com/support/kb/doc.php?id=3125538

Solution :

Install the 491psp3_nwspool.exe patch file referenced in the vendor
advisory above.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 23699 ()

Bugtraq ID: 21220

CVE ID: CVE-2006-5854

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now