Lucene search

K

SAINT CorporationSAINT:2522877306A5B8497FACC0F96ECE3044

HistoryDec 01, 2006 - 12:00 a.m.

Novell Client nwspool.dll buffer overflow

2006-12-0100:00:00

SAINT Corporation

download.saintcorporation.com

22

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.928 High

EPSS

Percentile

98.8%

Added: 12/01/2006
CVE: CVE-2006-5854
BID: 21220
OSVDB: 30547

Background

Novell Client software provides NetWare connectivity to Windows platforms.

Problem

The **nwspool.dll** library in Novell Client is affected by buffer overflows in the **EnumPrinters** and **OpenPrinter** functions, allowing remote attackers to execute arbitrary commands by sending a specially crafted RPC request to the Spooler service.

Resolution

Apply **491psp3_nwspool.exe**. Patches are available from Novell.

References

<http://www.securityfocus.com/archive/1/453012>
[http://www.novell.com/support/search.do?cmd=displayKC&externalId=3125538&sliceId=SAL_Public ](<http://www.novell.com/support/search.do?cmd=displayKC&externalId=3125538&sliceId=SAL_Public
>)

Limitations

Exploit works on Novell Client 4.91 SP3 on Windows 2000.

Platforms

Windows

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.928 High

EPSS

Percentile

98.8%

Related for SAINT:2522877306A5B8497FACC0F96ECE3044

securityvulns3 seebug3 exploitpack3 cert1 saint3 canvas1 nessus1 cve5 zdi1 checkpoint_advisories1 exploitdb3 prion3