Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Novell iPrint Client < 5.64 Multiple Vulnerabilities

High

Synopsis

The remote host contains an application that is vulnerable to multiple attack vectors.

Description

Versions of Novell iPrint Client earlier than 5.64 are potentially affected by multiple vulnerabilities :

- The nipplib.dll component, as used by both types of browser plugins, does not properly handle the uri parameter from the user specified printer-url before passing it to a fixed-length buffer on the heap. (ZDI-11-172 / CVE-2011-1699)

- The nipplib.dll component, as used by both types of browser plugins, does not properly handle the profile time parameter from the user specified printer-url before passing it to a fixed-length buffer on the heap. (ZDI-11-173 / CVE-2011-1700)

- The nipplib.dll component, as used by both types of browser plugins, does not properly handle the profile-name parameter from the user specified printer url before passing it to a fixed-length buffer on the heap. (ZDI-11-174 / CVE-2011-1701)

- The nipplib.dll component, as used by both types of browser plugins, does not properly handle the file-date-time parameter from the user specified printer-url before passing it to a fixed-length buffer on the heap. (ZDI-11-175 / CVE-2011-1702)

- The nipplib.dll component, as used by both types of browser plugins, does not properly handle the driver version parameter from the user-specified printer-url before passing it to a fixed-length buffer on the heap. (ZDI-11-176 / CVE-2011-1703)

- The nipplib.dll component, as used by both types of browser plugins, does not properly handle the core-package parameter from the user specified printer-url before passing it to a fixed-length buffer on the heap. (ZDI-11-177 / CVE_2011-1704)

- The nipplib.dll component, as used by both types of browser plugins, does not properly handle the client-file-name parameter from the user specified printer-url before passing it to a fixed-length buffer on the heap. (ZDI-11-178 / CVE-2011-1705)

- The nipplib.dll component, as used by both types of browser plugins, does not properly handle the iprint-client-config-info parameter form the user specified printer-url before passing it to a fixed-length buffer on the heap. (ZDI-11-179 / CVE-2011-1706)

- The nipplib.dll component, as used by both types of browser plugins, does not properly handle the op-printer-list-all-jobs parameter from the user specified printer-url before passing it to a fixed-length buffer on the heap. (ZDI-11-180 / CVE-2011-1708)

- The nipplib.dll component, as used by both types of browser plugins, does not properly handle the op-printer-list-all-jobs parameter from the user specified printer-url before passing it to a fixed-length buffer on the heap. (ZDI-11-181 / CVE-2011-1707)

Solution

Upgrade to Novell iPrint Client 5.64 or later.