Novell iPrint Client < 5.56 Multiple Vulnerabilities

high Nessus Plugin ID 51367

Synopsis

The remote host contains an application that is affected by multiple vulnerabilities.

Description

The version of Novell iPrint Client installed on the remote host is earlier than 5.56. Such versions are reportedly affected by one or more of the following vulnerabilities, which can allow arbitrary code execution:

- The iPrint ActiveX control fails to sanitize input to the 'GetDriverSettings2()' method in the 'ienipp.ocx' component before copying it into a fixed-length buffer on the stack. (ZDI-10-256 / CVE-2010-4321)

- There is a stack-based buffer overflow in both the Netscape (Firefox) and ActiveX (Internet Explorer) plugin components ('npnipp.dll' and 'ienipp.ocx') due to their failure to sufficiently validate the size of a printer-state-reasons status response. (ZDI-10-295)

- Buffer overflows exist in both the Netscape (Firefox) and ActiveX (Internet Explorer) plugin components ('npnipp.dll' and 'ienipp.ocx') due to their failure to sufficiently validate the size of an IPP response from a user-provided printer-url. (ZDI-10-296 and ZDI-10-299)

- The 'nipplib.dll' component, as used by both types of browser plugins, does not properly handle the value of the Location response header in an HTTP 301 response when copying it into a buffer of fixed size. (ZDI-10-297)

- A stack-based buffer overflow exists in the 'npnipp.dll' Mozilla browser plugin because it fails to validate a user input to a call-back-url before passing it to a urlencode function and copying the result into a fixed-length buffer. (ZDI-10-298)

- The 'nipplib.dll' component, as used by both types of browser plugins, does not properly handle the value of the Connection response header in an HTTP response when copying it into a stack-based buffer of fixed size. (ZDI-10-300)

Solution

Upgrade to Novell iPrint Client 5.56 or later.

See Also

https://www.zerodayinitiative.com/advisories/ZDI-10-256/

https://www.zerodayinitiative.com/advisories/ZDI-10-295/

https://www.zerodayinitiative.com/advisories/ZDI-10-296/

https://www.zerodayinitiative.com/advisories/ZDI-10-297/

https://www.zerodayinitiative.com/advisories/ZDI-10-298/

https://www.zerodayinitiative.com/advisories/ZDI-10-299/

https://www.zerodayinitiative.com/advisories/ZDI-10-300/

https://seclists.org/fulldisclosure/2010/Nov/213

https://seclists.org/fulldisclosure/2010/Dec/642

https://seclists.org/fulldisclosure/2010/Dec/643

https://seclists.org/fulldisclosure/2010/Dec/644

https://seclists.org/fulldisclosure/2010/Dec/645

https://seclists.org/fulldisclosure/2010/Dec/646

https://seclists.org/fulldisclosure/2010/Dec/647

http://download.novell.com/Download?buildid=JV7fd0tFHHM~

Plugin Details

Severity: High

ID: 51367

File Name: novell_iprint_556.nasl

Version: 1.14

Type: local

Agent: windows

Family: Windows

Published: 12/29/2010

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:novell:iprint

Required KB Items: SMB/Novell/iPrint/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/22/2010

Vulnerability Publication Date: 11/18/2010

Exploitable With

Core Impact

Metasploit (Novell iPrint Client ActiveX Control Buffer Overflow)

Reference Information

CVE: CVE-2010-4321

BID: 44966, 45301