Novell Client nwspool.dll RPC Printer Functions Remote Overflow (300870)
Critical Nessus Plugin ID 25952
SynopsisThe remote Windows host contains a DLL that is affected by multiple buffer overflow vulnerabilities.
DescriptionThe file 'nwspool.dll' included with the Novell Client software on the remote host reportedly contains several buffer overflow vulnerabilities that can be triggered via specially crafted RPC requests. An unauthenticated, remote attacker may be able to leverage these issues with overly long arguments to RPC requests such as 'RpcAddPrinterDriver' and 'RpcGetPrinterDriverDirectory' to cause a denial of service or to execute arbitrary code remotely on the affected host.
SolutionInstall the 491psp2_3_4_nwspool.zip Field Test File per the vendor advisory referenced above.