Overview
» IDS/IPS Signatures
Security Sites
Products
White Papers
Data Sheets
Case Studies
Support Login
Locate a Partner
iPolicy Networks Security Advisory
 

Novell iPrint IppCreateServerRef() Buffer Overflow Vulnerability
Date Discovered: 09/05/2008
Severity: High
Applications Affected: Novell iPrint Client 4.36
Novell iPrint Client 5.04
Novell iPrint Client 5.06
Type Remote
Identifiers CVE-2008-2436
BID-30986
Vendor Novell
Synopsis
Vulnerability has been discovered in Novell iPrint ActiveX control. This allows remote attackers to overflow a buffer and execute arbitrary code on the system or cause the application to crash.
Recommended Action
Novell iPrint Client for Windows:
Upgrade to the latest version of iPrint Client(4.38 or later)
http://download.novell.com/Download?buildid=3q-_lVDVRFI~

Novell iPrint Client for Windows Vista:
Upgrade to the latest version of iPrint Client (5.08 or later)
http://download.novell.com/Download?buildid=dv_yn4TOPmQ~
Threat Analysis
Novell iPrint extends print services securely across multiple networks and operating systems. Using proven Internet technologies, iPrint makes all printing resources instantly accessible with a Web browser and a few mouse clicks.

Buffer overflow vulnerability found in Novell iPrint ActiveX control (ienipp.ocx) caused due to a boundary error within the "IppCreateServerRef()" function in nipplib.dll. The vulnerability can be exploited by passing an overly long, specially crafted string as argument to either "GetPrinterURLList()", "GetPrinterURLList2()", or "GetFileList2()" as provided by the Novell iPrint ActiveX control (ienipp.ocx).
References

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2436
http://www.securityfocus.com/bid/30986

Write-up by: Rajesh Rawal
Security Sites
 
“iPolicy is one of the most visionary firewall vendors in the firewall Magic Quadrant. Its architecture of a central session processing engine and multiple content blades that are able to block based on signatures, rules and so on is the closest to the network security ideal.”
 
Greg Young, John Pescatore
Magic Quadrant for Network Firewalls, 2H04, Gartner
 

 
Home | About Us | Products | Technology | Solutions | Support | Partners | News & Events | Resources | Contact Us
Copyright ©2008 iPolicy Networks - Security Products Division of Tech Mahindra Limited | Privacy Policy | Site Map