Source: SAINT Corporation (saint)
ID: SAINT:0E88138FA432B21A1CE8D19D27AB2758
Published: Aug 10, 2007 - 12:00 a.m.

Novell Client 4.91 SP4 nwspool.dll buffer overflow

2007-08-10 00:00:00
SAINT Corporation
download.saintcorporation.com

CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.794 High
EPSS Percentile: 98.3%

Added: 08/10/2007
CVE: CVE-2007-6701
BID: 25092
OSVDB: 37319

Background

Novell Client software provides NetWare connectivity to Windows platforms.

Problem

The **nwspool.dll** library in Novell Client is affected by buffer overflow vulnerabilities in several different functions, allowing remote attackers to execute arbitrary commands by sending a specially crafted RPC request to the Spooler service.

Resolution

Install the Novell Client 4.91 Post-SP4 nwspool.dll.

References

<http://www.zerodayinitiative.com/advisories/ZDI-07-045.html>

Limitations

Exploit works on Novell Client for Windows 4.91 SP4.

For Windows Server 2003 targets, a shared printer must be configured before running the exploit, and valid user credentials with Administrator privileges must be provided.

The Crypt::DES, Digest::MD4, and Digest::MD5 packages are required for performing Windows authentication, which is a requirement for successful exploitation on Windows Server 2003. These packages are available from <http://cpan.org/modules/by-module/>.

Platforms

Windows
