Novell iPrint Client < 5.44 Multiple Vulnerabilities
High Nessus Plugin ID 48407
SynopsisThe remote host contains an application that is affected by multiple vulnerabilities.
DescriptionNovell iPrint Client version older than 5.44 is installed on the remote host. Such versions are reportedly affected by multiple remote code execution vulnerabilities:
- A buffer overflow was discovered in how iPrint client handles the 'call-back-url' parameter value for a 'op-client-interface-version' operation where the 'result-type' parameter is set to 'url'.
- An uninitialized pointer vulnerability in ienipp.ocx was discovered and allows an attacker to exploit an issue where the uninitialized pointer is called and the process jumps to an address space controllable by the attacker.
SolutionUpgrade to Novell iPrint Client 5.44 or later.
Note that there is no fix available for Novell iPrint Client 4.x branch so users should consider upgrading to 5.44 or later.