Novell iPrint Client < 5.32 Multiple Buffer Overflow Vulnerabilities

Medium Nessus Network Monitor Plugin ID 5255

Synopsis

The remote Windows host has an application that is vulnerable to multiple attack vectors.

Description

The installed version of Novell iPrint Client is affected by multiple buffer overflow vulnreabilities :

- A stack-based buffer overflow exists due to insufficient boudnary checks on the 'target-frame' parameter. (CVE-2009-1568)

- A stack-based buffer overflow exists due to insufficient validation of time information. (CVE-2009-1569)

Solution

Upgrade to Novell iPrint Client version 5.32 or later.

See Also

http://secunia.com/secunia_research/2009-40

http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0174.html

http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0175.html

http://download.novell.com/Download?buildid=29T3EFRky18~

http://secunia.com/secunia_research/2009-44

Plugin Details

Severity: Medium

ID: 5255

Family: Web Clients

Published: 2009/12/09

Modified: 2016/01/19

Dependencies: 4543

Nessus ID: 43060

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 5.6

Temporal Score: 5.2

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 2009/12/08

Vulnerability Publication Date: 2009/12/08

Exploitable With

CANVAS (D2ExploitPack)

Core Impact

Metasploit (Novell iPrint Client ActiveX Control Date/Time Buffer Overflow)

Reference Information

CVE: CVE-2009-1568, CVE-2009-1569

BID: 37242