Summary
This host is installed with Novell iPrint Client and is prone to multiple remote code execution vulnerabilities.
Impact
Successful exploitation could allow attackers to execute arbitrary code, cause buffer overflow or a denial of service condition.
Impact Level: System/Application
Solution
Upgrade to the Novell iPrint Client version 5.78 or later, For updates refer to http://download.novell.com/Download?buildid=6_bNby38ERg~
Insight
The flaws are due to
- An error in nipplib.dll within the 'GetDriverSettings()' function.
- An error within the 'GetPrinterURLList2()' function in the ActiveX Control, when handling overly long string parameters.
- A boundary error within nipplib.dll, when parsing the 'client-file-name' parameter.
Affected
Novell iPrint Client version prior to 5.78
References
- http://osvdb.org/78953
- http://osvdb.org/78954
- http://osvdb.org/78955
- http://secunia.com/advisories/47867/
- http://securitytracker.com/id/1026660
- http://www.novell.com/support/kb/doc.php?id=7008708
- http://www.novell.com/support/kb/doc.php?id=7010143
- http://www.novell.com/support/kb/doc.php?id=7010144
- http://www.novell.com/support/kb/doc.php?id=7010145
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2011-4185, CVE-2011-4186, CVE-2011-4187 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe AIR Multiple Vulnerabilities -02 April 13 (Windows)
- Adobe Flash Media Server Multiple Remote Security Vulnerabilities
- Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Windows)
- Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Linux)
- Adobe AIR Multiple Vulnerabilities-01 Aug14 (Mac OS X)