Novell iPrint Client < 5.64 Multiple Vulnerabilities

This script is Copyright (C) 2011-2017 Tenable Network Security, Inc.


Synopsis :

The remote host contains an application that is affected by multiple
vulnerabilities.

Description :

The version of Novell iPrint Client installed on the remote host is
prior to 5.64. It is, therefore, affected by one or more of the
following vulnerabilities in the nipplib.dll component, as used by
both types of browser plugins, that can allow for arbitrary code
execution :

- The uri parameter from user specified printer-url is
not properly handled before passing it to a fixed-length
buffer on the heap. (ZDI-11-172 / CVE-2011-1699)

- The profile-time parameter from the user specified
printer-url is not properly handled before passing it to
a fixed-length buffer on the heap.
(ZDI-11-173 / CVE-2011-1700)

- The profile-name parameter from the user specified
printer-url is not properly handled before passing it to
a fixed-length buffer on the heap.
(ZDI-11-174 / CVE-2011-1701)

- The file-date-time parameter from the user specified
printer-url is not properly handled before passing it to
a fixed-length buffer on the heap.
(ZDI-11-175 / CVE-2011-1702)

- The driver-version parameter from the user specified
printer-url is not properly handled before passing it to
a fixed-length buffer on the heap.
(ZDI-11-176 / CVE-2011-1703)

- The core-package parameter from the user specified
printer-url is not properly handled before passing it to
a fixed-length buffer on the heap.
(ZDI-11-177 / CVE-2011-1704)

- The client-file-name parameter from the user specified
printer-url is not properly handled before passing it to
a fixed-length buffer on the heap.
(ZDI-11-178 / CVE-2011-1705)

- The iprint-client-config-info parameter from the user
specified printer-url is not properly handled before
passing it to a fixed-length buffer on the heap.
(ZDI-11-179 / CVE-2011-1706)

- The op-printer-list-all-jobs cookie parameter from the
user specified printer-url is not properly handled
before passing it to a fixed-length buffer on the heap.
(ZDI-11-180 / CVE-2011-1708)

- The op-printer-list-all-jobs url parameter from the user
specified printer-url is not properly handled before
passing it to a fixed-length buffer on the heap.
(ZDI-11-181 / CVE-2011-1707)

See also :

http://download.novell.com/Download?buildid=6_bNby38ERg~
http://www.zerodayinitiative.com/advisories/ZDI-11-172/
http://www.zerodayinitiative.com/advisories/ZDI-11-173/
http://www.zerodayinitiative.com/advisories/ZDI-11-174/
http://www.zerodayinitiative.com/advisories/ZDI-11-175/
http://www.zerodayinitiative.com/advisories/ZDI-11-176/
http://www.zerodayinitiative.com/advisories/ZDI-11-177/
http://www.zerodayinitiative.com/advisories/ZDI-11-178/
http://www.zerodayinitiative.com/advisories/ZDI-11-179/
http://www.zerodayinitiative.com/advisories/ZDI-11-180/
http://www.zerodayinitiative.com/advisories/ZDI-11-181/
http://www.securityfocus.com/archive/1/518266/30/0/threaded
http://www.securityfocus.com/archive/1/518267/30/0/threaded
http://www.securityfocus.com/archive/1/518269/30/0/threaded
http://www.securityfocus.com/archive/1/518270/30/0/threaded
http://www.securityfocus.com/archive/1/518271/30/0/threaded
http://www.securityfocus.com/archive/1/518268/30/0/threaded
http://www.securityfocus.com/archive/1/518272/30/0/threaded
http://www.securityfocus.com/archive/1/518273/30/0/threaded
http://www.securityfocus.com/archive/1/518274/30/0/threaded
http://www.securityfocus.com/archive/1/518275/30/0/threaded

Solution :

Upgrade to Novell iPrint Client 5.64 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now