Novell iPrint Client < 5.42 Multiple Flaws

This script is Copyright (C) 2010-2017 Tenable Network Security, Inc.


Synopsis :

The remote host contains an application that is affected by multiple
vulnerabilities.

Description :

Novell iPrint Client version older than 5.42 is installed on the
remote host. Such versions are reportedly affected by multiple
vulnerabilities :

- Due to a flaw in nipplib.dll module, it may be possible
for a remote attacker to delete arbitrary files from
the remote system via the 'CleanUploadFiles' method
provided by an ActiveX control. (TPTI-10-05)

- By passing a specially crafted value to the 'debug'
parameter in the ActiveX control ienipp.ocx, it may be
possible for an attacker to trigger a stack-based
buffer overflow, potentially resulting in arbitrary
code execution within the context of the user running
the browser. (TPTI-10-06)

- Due to improper validation of plugin parameters, it may
be possible for an attacker to trigger a buffer overflow
condition resulting in arbitrary code execution within
the context of the user running the browser.
(ZDI-10-139)

- Due to improper validation of plugin parameters, it may
be possible for an attacker to trigger a stack-based
buffer overflow, potentially resulting in arbitrary code
execution within the context of the user running the
browser. (ZDI-10-140)

See also :

http://dvlabs.tippingpoint.com/advisory/TPTI-10-05
http://dvlabs.tippingpoint.com/advisory/TPTI-10-06
http://www.zerodayinitiative.com/advisories/ZDI-10-139
http://www.zerodayinitiative.com/advisories/ZDI-10-140
http://seclists.org/fulldisclosure/2010/Aug/65
http://seclists.org/fulldisclosure/2010/Aug/66
http://seclists.org/fulldisclosure/2010/Aug/69
http://seclists.org/fulldisclosure/2010/Aug/70
http://download.novell.com/Download?buildid=ftwZBxEFjIg~

Solution :

Upgrade to Novell iPrint Client 5.42 or later.

Note that there is no fix available for Novell iPrint Client 4.x
branch so users should consider upgrading to 5.42 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 48364 ()

Bugtraq ID: 42100

CVE ID: CVE-2010-3106
CVE-2010-3107
CVE-2010-3108
CVE-2010-3109

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now