Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0639

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-0639
Last Modified 07 Mar 2011 10:05:01
Published 13 Feb 2008 04:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-0639

Summary

Stack-based buffer overflow in the EnumPrinters function in the Spooler service (nwspool.dll) in Novell Client 4.91 SP2, SP3, and SP4 for Windows allows remote attackers to execute arbitrary code via a crafted RPC request, aka Novell bug 353138, a different vulnerability than CVE-2006-5854. NOTE: this issue exists because of an incomplete fix for CVE-2007-6701.

Vulnerable Systems

Application

  • Novell Client 4.91


References

MISC - http://www.zerodayinitiative.com/advisories/ZDI-08-005.html

BID - 27741

SECUNIA - 28895

FULLDISC - 20080211 ZDI-08-005: Novell Client NWSPOOL.DLL EnumPrinters Stack Overflow Vulnerability

CONFIRM - http://download.novell.com/Download?buildid=SszG22IIugM~

VUPEN - ADV-2008-0496

SECTRACK - 1019366

CONFIRM - http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5008300.html


Last Updated: 27 May 2016 10:46:52