Novell iPrint Client < 5.32 Multiple Buffer Overflow Vulnerabilities

medium Nessus Network Monitor Plugin ID 5255

Synopsis

The remote Windows host has an application that is vulnerable to multiple attack vectors.

Description

The installed version of Novell iPrint Client is affected by multiple buffer overflow vulnreabilities :

- A stack-based buffer overflow exists due to insufficient boudnary checks on the 'target-frame' parameter. (CVE-2009-1568)

- A stack-based buffer overflow exists due to insufficient validation of time information. (CVE-2009-1569)

Solution

Upgrade to Novell iPrint Client version 5.32 or later.

See Also

http://download.novell.com/Download?buildid=29T3EFRky18~

http://secunia.com/secunia_research/2009-40

http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0174.html

http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0175.html

http://secunia.com/secunia_research/2009-44

Plugin Details

Severity: Medium

ID: 5255

Family: Web Clients

Published: 12/9/2009

Updated: 3/6/2019

Nessus ID: 43060

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 5.2

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:novell:iprint_client

Patch Publication Date: 12/8/2009

Vulnerability Publication Date: 12/8/2009

Exploitable With

CANVAS (D2ExploitPack)

Core Impact

Metasploit (Novell iPrint Client ActiveX Control Date/Time Buffer Overflow)

Reference Information

CVE: CVE-2009-1568, CVE-2009-1569

BID: 37242