Novell iPrint Client < 5.56 Multiple Vulnerabilities

This script is Copyright (C) 2010-2017 Tenable Network Security, Inc.


Synopsis :

The remote host contains an application that is affected by multiple
vulnerabilities.

Description :

The version of Novell iPrint Client installed on the remote host is
earlier than 5.56. Such versions are reportedly affected by one or
more of the following vulnerabilities that can allow for arbitrary
code execution :

- The iPrint ActiveX control fails to sanitize input to
the 'GetDriverSettings2()' method in the 'ienipp.ocx'
component before copying it into a fixed-length buffer
on the stack. (ZDI-10-256 / CVE-2010-4321)

- There is a stack-based buffer overflow in both the
Netscape (Firefox) and ActiveX (Internet Explorer)
plugin components ('npnipp.dll' and 'ienipp.ocx') due to
their failure to sufficiently validate the size of a
printer-state-reasons status response. (ZDI-10-295)

- Buffer overflows exist in both the Netscape (Firefox)
and ActiveX (Internet Explorer) plugin components
('npnipp.dll' and 'ienipp.ocx') due to their failure to
sufficiently validate the size of an IPP response from
a user provided printer-url. (ZDI-10-296 and ZDI-10-299)

- The 'nipplib.dll component, as used by both types of
browser plugins, does not properly handle the value of
the Location response header in an HTTP 301 response
when copying it into a buffer of fixed size.
(ZDI-10-297)

- A stack-based buffer overflow exists in the 'npnipp.dll'
Mozilla browser plugin because it fails to validate a
user input to a call-back-url before passing it to a
urlencode function and copying the result into a
fixed-length buffer. (ZDI-10-298)

- The 'nipplib.dll component, as used by both types of
browser plugins, does not properly handle the value of
the Connection response header in an HTTP response when
copying it into a stack-based buffer of fixed size.
(ZDI-10-300)

See also :

http://www.zerodayinitiative.com/advisories/ZDI-10-256
http://www.zerodayinitiative.com/advisories/ZDI-10-295
http://www.zerodayinitiative.com/advisories/ZDI-10-296
http://www.zerodayinitiative.com/advisories/ZDI-10-297
http://www.zerodayinitiative.com/advisories/ZDI-10-298
http://www.zerodayinitiative.com/advisories/ZDI-10-299
http://www.zerodayinitiative.com/advisories/ZDI-10-300
http://seclists.org/fulldisclosure/2010/Nov/213
http://seclists.org/fulldisclosure/2010/Dec/642
http://seclists.org/fulldisclosure/2010/Dec/643
http://seclists.org/fulldisclosure/2010/Dec/644
http://seclists.org/fulldisclosure/2010/Dec/645
http://seclists.org/fulldisclosure/2010/Dec/646
http://seclists.org/fulldisclosure/2010/Dec/647
http://download.novell.com/Download?buildid=JV7fd0tFHHM~

Solution :

Upgrade to Novell iPrint Client 5.56 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 51367 ()

Bugtraq ID: 44966
45301

CVE ID: CVE-2010-4321

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now