[SA31370] Novell iPrint Client nipplib.dll "IppCreateServerRef()" Buffer Overflow

SecuToolBox : Bluetooth Stack Smasher v0.6 / Bluetooth Stack Smasher v0.8 / Slides Bluetooth Eurosec 2006 / Exposé vidéo Windows Shellcode - Kostya Kortchinsky / Exposé audio Reverse Engineering - Nicolas Brulez / Exposé vidéo Securitech - Pierre Betouin / WEP + Aircrack + Ubiquiti (MadWifi) 300 mW + Yagi / Secure WIFI WPA + EAP-TLS + Freeradius / Audit Windows / Captive Password Windows / USBDumper / USBDumper 2 / Hacking Hardware / WishMaster backdoor / DNS Auditing Tool / Ettercap SSL MITM / Exploit vulnérabilités Windows / Memory Dumper Kernel Hardening / Reverse Engineering / Scapy / SecUbuLIVE CD / Metasploit / eEye Blink Sec Center / eEye Retina Scanner

[Message Precedent sur la mailing][Message Suivant sur la mailing][Precedent dans le fil][Prochain dans le fil][Index par Date][Index par fil] [SA31370] Novell iPrint Client nipplib.dll "IppCreateServerRef()" Buffer Overflow

Want a new job? link://[click] link://[click]

TITLE: Novell iPrint Client nipplib.dll "IppCreateServerRef()" Buffer Overflow

SECUNIA ADVISORY ID: SA31370

VERIFY ADVISORY: link://[click]

CRITICAL: Highly critical

IMPACT: System access

WHERE: From remote SOFTWARE: Novell iPrint Client 4.x link://[click] Novell iPrint Client for Windows Vista 5.x link://[click]

DESCRIPTION: Secunia Research has discovered a vulnerability in Novell iPrint Client, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error within the "IppCreateServerRef()" function in nipplib.dll. This can be exploited to cause a heap-based buffer overflow by passing an overly long, specially crafted string as argument to certain methods provided by the Novell iPrint ActiveX control (ienipp.ocx).

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in versions 4.36, 5.04, and 5.06.

Other versions may also be affected.

SOLUTION: Update to a fixed version.

Novell iPrint Client for Windows 4.38: link://[click] Novell iPrint Client for Windows Vista 5.08: link://[click] PROVIDED AND/OR DISCOVERED BY: Carsten Eiram, Secunia Research.

ORIGINAL ADVISORY: Secunia Research: link://[click]

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: link://[click]

Definitions: (Criticality, Where etc.) link://[click]

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link.

Secunia NEVER sends attached files with advisories.

Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Precedent par Date: [SA31698] Ubuntu update for tiff
Suivant par Date: [SA31594] Citrix Access Gateway DNS Cache Poisoning
Precedent par fil : [SA31698] Ubuntu update for tiff
Suivant par fil : [SA31594] Citrix Access Gateway DNS Cache Poisoning
Index(s):
- Date
- Fil

Archives de la liste de diffusion Secunia
Archives de la liste de diffusion BugTraq
Archives de la liste de diffusion DailyDave
Archives de la liste de diffusion FunSec
Archives de la liste de diffusion Full Disclosure
Archives de la liste de diffusion Focus-IDS (FD)
Archives de la liste de diffusion Webappsec (FD)
Archives de la liste de diffusion Security-basics (FD)
Archives de la liste de diffusion Vulndiscuss
Archives de la liste de diffusion Vulnwatch

Les derniers commentaires sur SecuObs :

- More Oracle Pwnage...I Lost Count...New Version Module http://www.secuobs.com/r - Update on the update http://www.secuobs.com/revue/news/49561.shtml - YARA: a malware identification and classification tool http://www.secuobs.com/re - Update from Alexander Sotirov http://www.secuobs.com/revue/news/49201.shtml - VOIP Scanning on the increase http://www.secuobs.com/revue/news/49189.shtml - Creator of ZiPhone iPhone unlock hack calls it quits http://www.secuobs.com/revu - IPv6 Tunnel on Windows XP Using Freenet6 http://www.secuobs.com/revue/news/48645 - RFIDIOt-0.1v.tgz http://www.secuobs.com/revue/news/48665.shtml - VOIPPACK now available! http://www.secuobs.com/revue/news/48725.shtml - Nine Years of Code Cruft: Microsoft?s Hidden Internet Explorer Failures http://w + de commentaires publiés sur SecuObs

Mini-Tagwall des articles publiés sur SecuObs :

sécurité, windows, exploit, microsoft, réseau, attaque, vulnérabilité, système, audit, virus, internet, outil, fonction, présentation, données, linux, bluetooth, vista, shell, gestion, metasploit, wishmaster, trames, protocol, sysun, fonctions, paquets, téléphone, engineering + de mots clés avec l'annuaire des articles publiés sur SecuObs

Archives Failles Secunia :

- SA33400 Fedora update for am-utils - SA33419 Fedora update for xterm - SA32648 TSC2 Help Desk CTab ActiveX Control Caption List Buffer Overflow - SA32609 ComponentOne SizerOne CTab ActiveX Control Caption List Buffer Overflow - SA33342 vBulletin Personal Sticky Threads Add-on Security Bypass Vulnerability + d'archives failles avec Secunia et SecuMail

Archives Mailing Full Disclosure :

- Full-disclosure Do you use nepenthes? - Full-disclosure The war in Palestine && Pointless noise. - Full-disclosure MDVSA-2009:001 openssl - Re: Full-disclosure Full-Disclosure wouldn't let me post this message - Re: Full-disclosure The war in Palestine + d'archives Full Disclosure avec SecuMail

Archives Mailing Bugtraq :

- AST-2009-001: Information leak in IAX2 authentication - LayerOne 2009 Call for Papers - USN-705-1 NTP vulnerability - Re: IBM Datapower XS40 Denial of Service - CORE-2008-1128: Openfire multiple vulnerabilities + d'archives Bugtraq avec SecuMail

Mini-Tagwall de l'annuaire video :

virus, spyware, vmware, firmware, biometric, lockpicking, wimax, password, spammer, malware, kernel, windows, iphone, symantec, phish, adware, knoppix, security, botnet, linux, tutorial, cryptography, internet, attack, wireshark, server, virtual, metasploit, intel, openbsd, protect, jailbreak, hitbsecconf2006, rootkit, norton, ubuntu, exploit, samsung, ettercap, hijackthis, interview, screen, vista, fingerprint, flash + de mots clés avec l'annuaire des videos

Mini-Tagwall des articles de la revue de presse :

security, microsoft, windows, vulnérabilité, network, google, vulnerability, hacker, attack, inject, remote, mobile, server, exploit, apple, internet, iphone, black, yahoo, sécurité, malware, vista, intel, patch, crypt, drive, access, protect, virtual, laptop, linux, source, biometric, research, ebook, business, virus, office, phish, adobe, chine, facebook, opera, flash, wireless + de mots clés avec l'annuaire de la revue de presse