Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2436

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-2436
Last Modified 19 Aug 2009 01:15:36
Published 05 Sep 2008 12:08:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-2436

Summary

Multiple heap-based buffer overflows in the IppCreateServerRef function in nipplib.dll in Novell iPrint Client 4.x before 4.38 and 5.x before 5.08 allow remote attackers to execute arbitrary code via a long argument to the (1) GetPrinterURLList, (2) GetPrinterURLList2, or (3) GetFileList2 function in the Novell iPrint ActiveX control in ienipp.ocx.

Vulnerable Systems

Application

  • Novell Iprint Client 4.26

  • Novell Iprint Client 4.32

  • Novell Iprint Client 4.35

  • Novell Iprint Client 4.36

  • Novell Iprint Client 5.06


References

SECUNIA - 31370

XF - novell-iprint-ippcreateserverref-bo(44853)

VUPEN - ADV-2008-2481

SECTRACK - 1020806

BID - 30986

BUGTRAQ - 20080903 Secunia Research: Novell iPrint Client nipplib.dll "IppCreateServerRef()" Buffer Overflow

SREASON - 4228

MISC - http://secunia.com/secunia_research/2008-33/advisory


Last Updated: 27 May 2016 10:47:52