Novell Client nwspool.dll buffer overflow

2006-12-01T00:00:00
ID SAINT:5A002CDFE7ACBD0171861D507899EDD7
Type saint
Reporter SAINT Corporation
Modified 2006-12-01T00:00:00

Description

Added: 12/01/2006
CVE: CVE-2006-5854
BID: 21220
OSVDB: 30547

Background

Novell Client software provides NetWare connectivity to Windows platforms.

Problem

The **nwspool.dll** library in Novell Client is affected by buffer overflows in the **EnumPrinters** and **OpenPrinter** functions, allowing remote attackers to execute arbitrary commands by sending a specially crafted RPC request to the Spooler service.

Resolution

Apply **491psp3_nwspool.exe**. Patches are available from Novell.

References

<http://www.securityfocus.com/archive/1/453012>
http://www.novell.com/support/search.do?cmd=displayKC&externalId=3125538&sliceId=SAL_Public

Limitations

Exploit works on Novell Client 4.91 SP3 on Windows 2000.

Platforms

Windows