Novell NetWare Client for Windows OpenPrinter() function vulnerable to buffer overflow

Overview

A vulnerability exists in the Novell NetWare client that could allow a remote attacker to execute arbitrary code on an affected system.

Description

NetWare is a network operating system produced and maintained by Novell. Novell provides NetWare clients for Microsoft Windows and Linux operating systems.

From the Novell Client for Windows XP/2000 product overview:
_ It enables you to access NetWare® services from Windows XP or 2000 workstations or servers and tightly integrates either product into your NetWare network. For example, with Novell Client for Windows XP/2000, you can browse through authorized NetWare directories, transfer files, print documents and use advanced NetWare services directly from a Windows XP or 2000 workstation._
The nwspool.dll library is included with the Novell Client for Windows, and provides access to remote printing services.

There is a buffer overflow vulnerability in the OpenPrinter() function which is used in the nwspool.dll library. An attacker may be able to trigger the overflow by sending specially-crafted Remote Procedure Call (RPC) requests to the Spooler service on a vulnerable system.

---

Impact

A remote unauthenticated attacker may be able to execute arbitrary code on a vulnerable system.

---

Solution

Upgrade
Novell has issued a beta upgrade that addresses this issue. See Novell Technical Information Document TID2974765 for more details.

---

Vendor Information

300636

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Novell, Inc. __ Affected

Updated: December 19, 2006

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

See <https://secure-support.novell.com/KanisaPlatform/Publishing/583/3125538_f.SAL_Public.html&gt; for more details.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23300636 Feedback>).

CVSS Metrics

Group	Score	Vector
Base
Temporal
Environmental

References

• <http://www.zerodayinitiative.com/advisories/ZDI-06-043.html&gt;
• <http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974765.htm&gt;
• <http://secunia.com/advisories/23027/&gt;
• <https://secure-support.novell.com/KanisaPlatform/Publishing/583/3125538_f.SAL_Public.html&gt;
• <http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974765.htm&gt;

Acknowledgements

The Zero Day Initiative disclosed this vulnerability.

This document was written by Ryan Giobbi.

Other Information

CVE IDs:	CVE-2006-5854
Severity Metric:	3.21 Date Public: