Novell iPrint Client ActiveX Control Multiple Vulnerabilities

This script is Copyright (C) 2008-2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an ActiveX control that is affected by
multiple vulnerabilities.

Description :

Novell iPrint Client is installed on the remote host.

An ActiveX control included with Novell iPrint Client is affected
by multiple vulnerabilities.

- Vulnerabilities affecting GetDriverFile(),
GetDriverSettings() GetPrinterURLList(), GetFileList(),
GetServerVersion(), UploadResource(), ExecuteRequest(),
UploadResource(), and UploadResourceToRMS() methods in
'ienipp.ocx' could be exploited to perform stack based
buffer overflows and execute arbitrary code on the
remote system. (CVE-2008-2431)

- A vulnerability in IppGetDriverSettings() method in
nipplib.dll could be exploited to perform a stack based
buffer overflow (CVE-2008-5231).

- A vulnerability in GetFileList() method may disclose
sensitive information. (CVE-2008-2432)

See also :

http://secunia.com/secunia_research/2008-27/advisory/
http://secunia.com/secunia_research/2008-30/advisory/
http://download.novell.com/Download?buildid=_BILqzyqc2g~

Solution :

Upgrade to version 5.06.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 34049 ()

Bugtraq ID: 30813

CVE ID: CVE-2008-2431
CVE-2008-2432
CVE-2008-5231

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now