"Neither you nor your users have time to devote to a complex printing environment. That's why Novell iPrint extends print services securely across multiple networks and operating systems. Using proven Internet technologies, iPrint transforms your Novell Distributed Print Services (NDPS) printers into Net-enabled printers, making all your printing resources instantly accessible with a Web browser and a few mouse clicks".
Secunia Research has discovered a vulnerability in Novell iPrint Client, which can be exploited by malicious people to compromise a user's system.
Vulnerable Systems:
* Novell iPrint Client version 4.36
* Novell iPrint Client for Vista version 5.04
* Novell iPrint Client for Vista version 5.06
Immune Systems:
* Novell iPrint Client version 4.38
* Novell iPrint Client for Vista version 5.08
The vulnerability is caused by a boundary error within the "IppCreateServerRef()" function in nipplib.dll. This can be exploited to cause a heap-based buffer overflow by passing an overly long, specially crafted string as an argument to either "GetPrinterURLList()", "GetPrinterURLList2()", or "GetFileList2()" as provided by the Novell iPrint ActiveX control (ienipp.ocx).
Successful exploitation may allow execution of arbitrary code.
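For triage of saved web pages or proxy captures, the following added example (not code from Secunia or Novell) flags script calls to the three ActiveX methods named above and classifies their arguments. The 256-character cut-off, the function names and the sample script are assumptions made for illustration; the advisory does not state the length that triggers the overflow.

```python
import re

# Method names come from the advisory (exposed by ienipp.ocx).
RISKY_METHODS = ("GetPrinterURLList2", "GetPrinterURLList", "GetFileList2")
# Assumption: the advisory states no length; 256 is an arbitrary triage cut-off.
MAX_LITERAL_LEN = 256
CALL_RE = re.compile(r"\.\s*(" + "|".join(RISKY_METHODS) + r")\s*\(")
STRING_RE = re.compile(r"""(["'])((?:\\.|(?!\1).)*)\1""", re.S)

def argument_text(source, start):
    """Return the text from `start` up to the ')' that closes the call."""
    depth, quote, i = 1, None, start
    while i < len(source):
        ch = source[i]
        if quote:
            if ch == "\\":
                i += 1                      # skip the escaped character
            elif ch == quote:
                quote = None
        elif ch in "\"'":
            quote = ch
        elif ch in "()":
            depth += 1 if ch == "(" else -1
            if depth == 0:
                return source[start:i]
        i += 1
    return source[start:]                   # unbalanced input: take the rest

def scan(source):
    """Return (line, method, verdict, longest_literal) for each risky call."""
    findings = []
    for m in CALL_RE.finditer(source):
        args = argument_text(source, m.end())
        longest = max((len(s.group(2)) for s in STRING_RE.finditer(args)), default=0)
        verdict = "short-literal"
        if longest > MAX_LITERAL_LEN:
            verdict = "long-literal"
        elif re.search(r"[A-Za-z_$]", STRING_RE.sub("", args)):
            verdict = "dynamic-argument"    # built at run time: review by hand
        findings.append((source.count("\n", 0, m.start()) + 1, m.group(1), verdict, longest))
    return findings

# Constructed sample script, not taken from any real page.
SAMPLE = ('c.GetPrinterURLList("ipp://print.example/ipp");\n'
          'c.GetFileList2("' + "x" * 300 + '", 0);\n'
          'c.GetPrinterURLList2(buildArg(n));\n')

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

A "dynamic-argument" verdict means the string is assembled at run time, so its length cannot be judged statically and the call needs manual review.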
Time Table:
25/08/2008 - Vendor notified.
26/08/2008 - Vendor response.
03/09/2008 - Public disclosure.