Novell iPrint Client < 5.90 Stack-Based Buffer Overflow

critical Nessus Plugin ID 66335

Synopsis

The remote host contains an application that is affected by a buffer overflow vulnerability.

Description

The version of Novell iPrint Client installed on the remote host is earlier than 5.90. It therefore is reportedly affected by an unspecified, remote, stack-based buffer overflow vulnerability that could allow arbitrary code execution.

Solution

Upgrade to Novell iPrint Client 5.90 or later.

See Also

https://www.zerodayinitiative.com/advisories/ZDI-13-096/

http://download.novell.com/Download?buildid=IVBoF47txKo~&patch_redirect=true&old_patch=k6yH0sy992E~

https://support.microfocus.com/kb/doc.php?id=7012344

Plugin Details

Severity: Critical

ID: 66335

File Name: novell_iprint_590.nasl

Version: 1.6

Type: local

Agent: windows

Family: Windows

Published: 5/7/2013

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:novell:iprint

Required KB Items: SMB/Novell/iPrint/Version, SMB/Novell/iPrint/Version_UI

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/1/2013

Vulnerability Publication Date: 5/1/2013

Exploitable With

Core Impact

Reference Information

CVE: CVE-2013-1091

BID: 59612