Novell iPrint Client nipplib.dll ActiveX buffer overflow

2008-09-08T00:00:00

Description

Added: 09/08/2008 CVE: [CVE-2008-2436](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2436>) BID: [30986](<http://www.securityfocus.com/bid/30986>) OSVDB: [47897](<http://www.osvdb.org/47897>) ### Background Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Control ActiveX control named `**ienipp.ocx**`. ### Problem A buffer overflow vulnerability in the `**IppCreateServerRef**` method in the `**nipplib.dll**` library used by the Novell iPrint ActiveX control allows command execution when a user opens a specially crafted web page. ### Resolution Upgrade to [version 4.38](<http://download.novell.com/Download?buildid=3q-_lVDVRFI~>) or [version 5.08](<http://download.novell.com/Download?buildid=dv_yn4TOPmQ~>) or higher. ### References <http://secunia.com/secunia_research/2008-33/advisory/> ### Limitations Exploit works on Novell iPrint Client 4.26.00 and requires a user to open the exploit page in Internet Explorer. ### Platforms Windows

{"id": "SAINT:EB14A04481A4B3F6FE13FD8A3947710F", "vendorId": null, "type": "saint", "bulletinFamily": "exploit", "title": "Novell iPrint Client nipplib.dll ActiveX buffer overflow", "description": "Added: 09/08/2008 \nCVE: [CVE-2008-2436](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2436>) \nBID: [30986](<http://www.securityfocus.com/bid/30986>) \nOSVDB: [47897](<http://www.osvdb.org/47897>) \n\n\n### Background\n\nNovell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Control ActiveX control named `**ienipp.ocx**`. \n\n### Problem\n\nA buffer overflow vulnerability in the `**IppCreateServerRef**` method in the `**nipplib.dll**` library used by the Novell iPrint ActiveX control allows command execution when a user opens a specially crafted web page. \n\n### Resolution\n\nUpgrade to [version 4.38](<http://download.novell.com/Download?buildid=3q-_lVDVRFI~>) or [version 5.08](<http://download.novell.com/Download?buildid=dv_yn4TOPmQ~>) or higher. \n\n### References\n\n<http://secunia.com/secunia_research/2008-33/advisory/> \n\n\n### Limitations\n\nExploit works on Novell iPrint Client 4.26.00 and requires a user to open the exploit page in Internet Explorer. \n\n### Platforms\n\nWindows \n \n\n", "published": "2008-09-08T00:00:00", "modified": "2008-09-08T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": {}, "href": "https://download.saintcorporation.com/cgi-bin/exploit_info/novell_iprint_activex_nipplib", "reporter": "SAINT Corporation", "references": [], "cvelist": ["CVE-2008-2436"], "immutableFields": [], "lastseen": "2022-01-26T11:34:30", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "checkpoint_advisories", "idList": ["CPAI-2008-231"]}, {"type": "cve", "idList": ["CVE-2008-2436", "CVE-2011-4185"]}, {"type": "nessus", "idList": ["4647.PRM", "NOVELL_IPRINT_BUFFER_OVERFLOW.NASL"]}, {"type": "saint", "idList": ["SAINT:39FC10E29905EE62B00269ED0CD7BCA4", "SAINT:505C1A3ECA8DEB0A22885E357BEFFDDB", "SAINT:603BCDBDAE7591B8D1439474064CD1BC"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:20450"]}, {"type": "seebug", "idList": ["SSV:3977"]}]}, "score": {"value": 9.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2008-2436"]}, {"type": "nessus", "idList": ["NOVELL_IPRINT_BUFFER_OVERFLOW.NASL"]}, {"type": "saint", "idList": ["SAINT:603BCDBDAE7591B8D1439474064CD1BC"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:20450"]}, {"type": "seebug", "idList": ["SSV:3977"]}]}, "exploitation": null, "vulnersScore": 9.0}, "_state": {"dependencies": 1647589307, "score": 0}}

{"saint": [{"lastseen": "2016-10-03T15:01:53", "description": "Added: 09/08/2008 \nCVE: [CVE-2008-2436](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2436>) \nBID: [30986](<http://www.securityfocus.com/bid/30986>) \nOSVDB: [47897](<http://www.osvdb.org/47897>) \n\n\n### Background\n\nNovell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Control ActiveX control named `**ienipp.ocx**`. \n\n### Problem\n\nA buffer overflow vulnerability in the `**IppCreateServerRef**` method in the `**nipplib.dll**` library used by the Novell iPrint ActiveX control allows command execution when a user opens a specially crafted web page. \n\n### Resolution\n\nUpgrade to [version 4.38](<http://download.novell.com/Download?buildid=3q-_lVDVRFI~>) or [version 5.08](<http://download.novell.com/Download?buildid=dv_yn4TOPmQ~>) or higher. \n\n### References\n\n<http://secunia.com/secunia_research/2008-33/advisory/> \n\n\n### Limitations\n\nExploit works on Novell iPrint Client 4.26.00 and requires a user to open the exploit page in Internet Explorer. \n\n### Platforms\n\nWindows \n \n\n", "cvss3": {}, "published": "2008-09-08T00:00:00", "type": "saint", "title": "Novell iPrint Client nipplib.dll ActiveX buffer overflow", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2008-2436"], "modified": "2008-09-08T00:00:00", "id": "SAINT:603BCDBDAE7591B8D1439474064CD1BC", "href": "http://www.saintcorporation.com/cgi-bin/exploit_info/novell_iprint_activex_nipplib", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-07-29T16:40:15", "description": "Added: 09/08/2008 \nCVE: [CVE-2008-2436](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2436>) \nBID: [30986](<http://www.securityfocus.com/bid/30986>) \nOSVDB: [47897](<http://www.osvdb.org/47897>) \n\n\n### Background\n\nNovell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Control ActiveX control named `**ienipp.ocx**`. \n\n### Problem\n\nA buffer overflow vulnerability in the `**IppCreateServerRef**` method in the `**nipplib.dll**` library used by the Novell iPrint ActiveX control allows command execution when a user opens a specially crafted web page. \n\n### Resolution\n\nUpgrade to [version 4.38](<http://download.novell.com/Download?buildid=3q-_lVDVRFI~>) or [version 5.08](<http://download.novell.com/Download?buildid=dv_yn4TOPmQ~>) or higher. \n\n### References\n\n<http://secunia.com/secunia_research/2008-33/advisory/> \n\n\n### Limitations\n\nExploit works on Novell iPrint Client 4.26.00 and requires a user to open the exploit page in Internet Explorer. \n\n### Platforms\n\nWindows \n \n\n", "cvss3": {}, "published": "2008-09-08T00:00:00", "type": "saint", "title": "Novell iPrint Client nipplib.dll ActiveX buffer overflow", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-2436"], "modified": "2008-09-08T00:00:00", "id": "SAINT:505C1A3ECA8DEB0A22885E357BEFFDDB", "href": "https://my.saintcorporation.com/cgi-bin/exploit_info/novell_iprint_activex_nipplib", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:33:31", "description": "Added: 09/08/2008 \nCVE: [CVE-2008-2436](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2436>) \nBID: [30986](<http://www.securityfocus.com/bid/30986>) \nOSVDB: [47897](<http://www.osvdb.org/47897>) \n\n\n### Background\n\nNovell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Control ActiveX control named `**ienipp.ocx**`. \n\n### Problem\n\nA buffer overflow vulnerability in the `**IppCreateServerRef**` method in the `**nipplib.dll**` library used by the Novell iPrint ActiveX control allows command execution when a user opens a specially crafted web page. \n\n### Resolution\n\nUpgrade to [version 4.38](<http://download.novell.com/Download?buildid=3q-_lVDVRFI~>) or [version 5.08](<http://download.novell.com/Download?buildid=dv_yn4TOPmQ~>) or higher. \n\n### References\n\n<http://secunia.com/secunia_research/2008-33/advisory/> \n\n\n### Limitations\n\nExploit works on Novell iPrint Client 4.26.00 and requires a user to open the exploit page in Internet Explorer. \n\n### Platforms\n\nWindows \n \n\n", "cvss3": {}, "published": "2008-09-08T00:00:00", "type": "saint", "title": "Novell iPrint Client nipplib.dll ActiveX buffer overflow", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-2436"], "modified": "2008-09-08T00:00:00", "id": "SAINT:39FC10E29905EE62B00269ED0CD7BCA4", "href": "http://download.saintcorporation.com/cgi-bin/exploit_info/novell_iprint_activex_nipplib", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T21:29:08", "description": "BUGTRAQ ID: 30986\r\nCVE ID\uff1aCVE-2008-2436\r\nCNCVE ID\uff1aCNCVE-20083536\r\n\r\nNovell iPrint Client\u6253\u5370\u89e3\u51b3\u65b9\u6848\u5141\u8bb8\u7528\u6237\u5411\u7f51\u7edc\u6253\u5370\u673a\u53d1\u9001\u6587\u6863\u3002\r\nNovell iPrint Client\u5305\u542b\u7684nipplib.dll\u5b58\u5728\u8fb9\u754c\u9519\u8bef\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u4ee5\u5e94\u7528\u7a0b\u5e8f\u6743\u9650\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\u95ee\u9898\u5b58\u5728\u4e8enipplib.dll\u7684"IppCreateServerRef()"\u51fd\u6570\u4e2d\uff0c\u4f20\u9012\u8d85\u957f\u7279\u6b8a\u6784\u5efa\u7684\u5b57\u7b26\u4e32\u4f5c\u4e3a"GetPrinterURLList()", "GetPrinterURLList2()", \u6216"GetFileList2()"\u51fd\u6570\u53c2\u6570\uff0c\u53ef\u89e6\u53d1\u57fa\u4e8e\u5806\u7684\u7f13\u51b2\u533a\u6ea2\u51fa\uff0c\u9020\u6210\u4efb\u610f\u6307\u4ee4\u6267\u884c\u3002\n\nNovell iPrint Client 5.06\r\nNovell iPrint Client 5.04\r\nNovell iPrint Client 4.36\n \u53ef\u5347\u7ea7\u5230Novell iPrint Client 4.38\u548c5.08\u7248\u672c\uff1a\r\n<a href=http://download.novell.com/Download?buildid=3q-_lVDVRFI~ target=_blank>http://download.novell.com/Download?buildid=3q-_lVDVRFI~</a>\r\n<a href=http://download.novell.com/Download?buildid=dv_yn4TOPmQ~ target=_blank>http://download.novell.com/Download?buildid=dv_yn4TOPmQ~</a>", "cvss3": {}, "published": "2008-09-10T00:00:00", "type": "seebug", "title": "Novell iPrint Client 'IppCreateServerRef()'\u8fdc\u7a0b\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2008-2436"], "modified": "2008-09-10T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-3977", "id": "SSV:3977", "sourceData": "", "sourceHref": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "checkpoint_advisories": [{"lastseen": "2021-12-17T12:45:13", "description": "Novell iPrint is an application that enables users to install and manage printers, or submit print job from a web browser. A buffer overflow vulnerability has been reported in Novell iPrint Client. The vulnerability is due to a boundary error in the Novell iPrint Client nipplib.dll ActiveX control when checking certain parameters that are passed to it. To trigger this issue, an attacker may create a malicious web page that will exploit this vulnerability. Successful exploitation may allow execution of arbitrary code on a vulnerable system.", "cvss3": {}, "published": "2008-11-18T00:00:00", "type": "checkpoint_advisories", "title": "Novell iPrint Client nipplib.dll ActiveX Control Buffer Overflow (CVE-2008-2436)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-2436"], "modified": "2018-05-16T00:00:00", "id": "CPAI-2008-231", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-08-19T13:09:36", "description": "The installed version of Novell iPrint Client is affected by a buffer overflow vulnerability. By passing very long arguments to either 'GetPrinterURLList()', 'GetPrinterURLList2()', or 'GetFileList2()' functions available in ActiveX control 'ienipp.ocx', it may be possible to cause a heap-based buffer overflow in function 'IppCreateServerRef()' provided by 'nipplib.dll'. Successful exploitation of this issue may result in arbitrary code execution on the remote system.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2008-09-08T00:00:00", "type": "nessus", "title": "Novell iPrint Client nipplib.dll IppCreateServerRef Function Buffer Overflow", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2436"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:novell:iprint_client:*:*:*:*:*:*:*:*"], "id": "4647.PRM", "href": "https://www.tenable.com/plugins/nnm/4647", "sourceData": "Binary data 4647.prm", "cvss": {"score": 6.8, "vector": "CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:09:37", "description": "The installed version of Novell iPrint Client is affected by a buffer overflow vulnerability. \n\nBy passing very long arguments to either 'GetPrinterURLList()', 'GetPrinterURLList2()', or 'GetFileList2()' functions available in ActiveX control 'ienipp.ocx', it may be possible to cause a heap-based buffer overflow in function 'IppCreateServerRef()' provided by 'nipplib.dll'. \n\nSuccessful exploitation of this issue may result in arbitrary code execution on the remote system.", "cvss3": {"score": null, "vector": null}, "published": "2008-09-04T00:00:00", "type": "nessus", "title": "Novell iPrint Client nipplib.dll ActiveX (ienipp.ocx) IppCreateServerRef Function Overflow", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2436"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:novell:iprint"], "id": "NOVELL_IPRINT_BUFFER_OVERFLOW.NASL", "href": "https://www.tenable.com/plugins/nessus/34085", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34085);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/11/15 20:50:27\");\n\n script_cve_id(\"CVE-2008-2436\");\n script_bugtraq_id(30986);\n script_xref(name:\"Secunia\", value:\"31370\");\n\n script_name(english:\"Novell iPrint Client nipplib.dll ActiveX (ienipp.ocx) IppCreateServerRef Function Overflow\");\n script_summary(english:\"Checks version of Novell iPrint ActiveX control\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has an application that is affected by a\nbuffer overflow vulnerability.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of Novell iPrint Client is affected by a buffer\noverflow vulnerability. \n\nBy passing very long arguments to either 'GetPrinterURLList()',\n'GetPrinterURLList2()', or 'GetFileList2()' functions available in\nActiveX control 'ienipp.ocx', it may be possible to cause a heap-based\nbuffer overflow in function 'IppCreateServerRef()' provided by\n'nipplib.dll'. \n\nSuccessful exploitation of this issue may result in arbitrary code\nexecution on the remote system.\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://secuniaresearch.flexerasoftware.com/secunia_research/2008-33/advisory/\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://download.novell.com/Download?buildid=3q-_lVDVRFI~\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://download.novell.com/Download?buildid=dv_yn4TOPmQ~\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to \n\n - Novell iPrint Client for Vista 5.08 or \n - Novell iPrint Client for Windows 4.38\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2008/09/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2008/09/03\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:novell:iprint\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_hotfixes.nasl\",\"os_fingerprint.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_activex_func.inc\");\n\nif (!get_kb_item(\"SMB/Registry/Enumerated\")) exit(0);\n\nif(!get_kb_item(\"SMB/WindowsVersion\")) exit(0);\n\nos = get_kb_item(\"Host/OS\");\nif(isnull(os))exit(0);\n\nif (\"Vista\" >< os) os = \"Vista\";\nelse os = \"Windows\";\n\nvista = FALSE;\nif ( \"6.0\" >< get_kb_item(\"SMB/WindowsVersion\")) vista = TRUE;\n\n# Locate the file used by the controls.\nif (activex_init() != ACX_OK) exit(0);\n\nclsid = \"{36723F97-7AA0-11D4-8919-FF2D71D0D32C}\";\n\nfile = activex_get_filename(clsid:clsid);\nif (file)\n{\n ver = activex_get_fileversion(clsid:clsid);\n v = split(ver,sep:\".\",keep:FALSE); \n\n if ( (ver && vista && activex_check_fileversion(clsid:clsid, fix:\"5.0.8.0\") == TRUE) ||\n (ver && !vista && activex_check_fileversion(clsid:clsid, fix:\"4.3.8.0\") == TRUE)\t \t \n )\n {\n report = NULL;\n if (report_paranoia > 1)\n report = string(\n \"\\n\",\n \"Version \",string(v[0],\".\",v[1],v[2]), \" of Novell iPrint Client for \",os,\"\\n\", \n\t\"is installed on the remote host.\\n\",\n \"\\n\",\n \"Note, though, that Nessus did not check whether the kill bit was\\n\",\n \"set for the control's CLSID because of the Report Paranoia setting\\n\",\n \"in effect when this scan was run.\\n\"\n );\n else if (activex_get_killbit(clsid:clsid) == 0)\n report = string(\n \"\\n\",\n \"Version \",string(v[0],\".\",v[1],v[2]), \" of Novell iPrint Client for \",os,\"\\n\",\n\t\"is installed on the remote host.\\n\",\n \"\\n\",\n \"Moreover, its kill bit is not set so it is accessible via Internet\\n\",\n \"Explorer.\\n\"\n );\n if (report)\n {\n if (report_verbosity) security_hole(port:kb_smb_transport(), extra:report);\n else security_hole(kb_smb_transport());\n }\n }\n}\nactivex_end();\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2022-03-23T12:14:37", "description": "Multiple heap-based buffer overflows in the IppCreateServerRef function in nipplib.dll in Novell iPrint Client 4.x before 4.38 and 5.x before 5.08 allow remote attackers to execute arbitrary code via a long argument to the (1) GetPrinterURLList, (2) GetPrinterURLList2, or (3) GetFileList2 function in the Novell iPrint ActiveX control in ienipp.ocx.", "cvss3": {}, "published": "2008-09-05T16:08:00", "type": "cve", "title": "CVE-2008-2436", "cwe": ["CWE-94"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-2436"], "modified": "2018-10-11T20:41:00", "cpe": ["cpe:/a:novell:iprint_client:4.36", "cpe:/a:novell:iprint_client:4.35", "cpe:/a:novell:iprint_client:4.32", "cpe:/a:novell:iprint_client:5.06", "cpe:/a:novell:iprint_client:4.26"], "id": "CVE-2008-2436", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2436", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:novell:iprint_client:4.26:*:windows:*:*:*:*:*", "cpe:2.3:a:novell:iprint_client:4.32:*:windows:*:*:*:*:*", "cpe:2.3:a:novell:iprint_client:4.35:*:windows:*:*:*:*:*", "cpe:2.3:a:novell:iprint_client:4.36:*:windows:*:*:*:*:*", "cpe:2.3:a:novell:iprint_client:5.06:*:vista:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:39:15", "description": "The GetPrinterURLList2 method in the ActiveX control in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2008-2431 and CVE-2008-2436.", "cvss3": {}, "published": "2012-02-21T13:31:00", "type": "cve", "title": "CVE-2011-4185", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-2431", "CVE-2008-2436", "CVE-2011-4185"], "modified": "2012-02-22T05:00:00", "cpe": ["cpe:/a:novell:iprint:4.38", "cpe:/a:novell:iprint:5.60", "cpe:/a:novell:iprint:5.64", "cpe:/a:novell:iprint:4.36", "cpe:/a:novell:iprint:5.12", "cpe:/a:novell:iprint:4.27", "cpe:/a:novell:iprint:5.20b", "cpe:/a:novell:iprint:5.44", "cpe:/a:novell:iprint:5.50", "cpe:/a:novell:iprint:5.04", "cpe:/a:novell:iprint:5.40", "cpe:/a:novell:iprint:5.42", "cpe:/a:novell:iprint:5.30", "cpe:/a:novell:iprint:5.52", "cpe:/a:novell:iprint:5.72", "cpe:/a:novell:iprint:4.34", "cpe:/a:novell:iprint:5.32", "cpe:/a:novell:iprint:5.56", "cpe:/a:novell:iprint:4.30", "cpe:/a:novell:iprint:4.28", "cpe:/a:novell:iprint:5.74", "cpe:/a:novell:iprint:4.26", "cpe:/a:novell:iprint:4.32", "cpe:/a:novell:iprint:5.68"], "id": "CVE-2011-4185", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4185", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:novell:iprint:5.32:*:*:*:*:*:*:*", "cpe:2.3:a:novell:iprint:5.64:*:*:*:*:*:*:*", "cpe:2.3:a:novell:iprint:5.12:*:*:*:*:*:*:*", "cpe:2.3:a:novell:iprint:5.50:*:*:*:*:*:*:*", "cpe:2.3:a:novell:iprint:5.44:*:*:*:*:*:*:*", "cpe:2.3:a:novell:iprint:5.68:*:*:*:*:*:*:*", "cpe:2.3:a:novell:iprint:4.32:*:*:*:*:*:*:*", "cpe:2.3:a:novell:iprint:4.34:*:*:*:*:*:*:*", "cpe:2.3:a:novell:iprint:5.72:*:*:*:*:*:*:*", "cpe:2.3:a:novell:iprint:4.38:*:*:*:*:*:*:*", "cpe:2.3:a:novell:iprint:5.74:*:*:*:*:*:*:*", "cpe:2.3:a:novell:iprint:4.27:*:*:*:*:*:*:*", "cpe:2.3:a:novell:iprint:5.52:*:*:*:*:*:*:*", "cpe:2.3:a:novell:iprint:4.36:*:*:*:*:*:*:*", "cpe:2.3:a:novell:iprint:5.56:*:*:*:*:*:*:*", "cpe:2.3:a:novell:iprint:5.04:*:*:*:*:*:*:*", "cpe:2.3:a:novell:iprint:5.30:*:*:*:*:*:*:*", "cpe:2.3:a:novell:iprint:5.20b:*:*:*:*:*:*:*", "cpe:2.3:a:novell:iprint:4.30:*:*:*:*:*:*:*", "cpe:2.3:a:novell:iprint:4.26:*:*:*:*:*:*:*", "cpe:2.3:a:novell:iprint:4.28:*:*:*:*:*:*:*", "cpe:2.3:a:novell:iprint:5.42:*:*:*:*:*:*:*", "cpe:2.3:a:novell:iprint:5.60:*:*:*:*:*:*:*", "cpe:2.3:a:novell:iprint:5.40:*:*:*:*:*:*:*"]}], "securityvulns": [{"lastseen": "2018-08-31T11:10:27", "description": "====================================================================== \r\n\r\n Secunia Research 03/09/2008\r\n\r\n - Novell iPrint Client -\r\n - nipplib.dll "IppCreateServerRef()" Buffer Overflow -\r\n\r\n====================================================================== \r\nTable of Contents\r\n\r\nAffected Software....................................................1\r\nSeverity.............................................................2\r\nVendor's Description of Software.....................................3\r\nDescription of Vulnerability.........................................4\r\nSolution.............................................................5\r\nTime Table...........................................................6\r\nCredits..............................................................7\r\nReferences...........................................................8\r\nAbout Secunia........................................................9\r\nVerification........................................................10\r\n\r\n====================================================================== \r\n1) Affected Software \r\n\r\n* Novell iPrint Client 4.36\r\n* Novell iPrint Client for Vista 5.04\r\n* Novell iPrint Client for Vista 5.06\r\n\r\nNOTE: Other versions may also be affected.\r\n\r\n====================================================================== \r\n2) Severity \r\n\r\nRating: Highly critical\r\nImpact: System compromise\r\nWhere: Remote\r\n\r\n====================================================================== \r\n3) Vendor's Description of Software \r\n\r\n"Neither you nor your users have time to devote to a complex printing\r\nenvironment. That's why Novell iPrint extends print services securely\r\nacross multiple networks and operating systems. Using proven Internet\r\ntechnologies, iPrint transforms your Novell Distributed Print \r\nServices\u2122 (NDPS\u00ae) printers into Net-enabled printers, making all your\r\nprinting resources instantly accessible with a Web browser and a few\r\nmouse clicks".\r\n\r\nProduct Link:\r\nhttp://www.novell.com/products/openenterpriseserver/iprint.html\r\n\r\n====================================================================== \r\n4) Description of Vulnerability\r\n\r\nSecunia Research has discovered a vulnerability in Novell iPrint \r\nClient, which can be exploited by malicious people to compromise a \r\nuser's system.\r\n\r\nThe vulnerability is caused due to a boundary error within the\r\n"IppCreateServerRef()" function in nipplib.dll. This can be exploited \r\nto cause a heap-based buffer overflow by passing an overly long, \r\nspecially crafted string as argument to either "GetPrinterURLList()",\r\n"GetPrinterURLList2()", or "GetFileList2()" as provided by the\r\nNovell iPrint ActiveX control (ienipp.ocx).\r\n\r\nSuccessful exploitation may allow execution of arbitrary code.\r\n\r\n====================================================================== \r\n5) Solution \r\n\r\nUpdate to version 4.38 or 5.08.\r\n\r\n====================================================================== \r\n6) Time Table \r\n\r\n25/08/2008 - Vendor notified.\r\n26/08/2008 - Vendor response.\r\n03/09/2008 - Public disclosure.\r\n\r\n====================================================================== \r\n7) Credits \r\n\r\nDiscovered by Carsten Eiram, Secunia Research.\r\n\r\n====================================================================== \r\n8) References\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned\r\nCVE-2008-2436 for the vulnerability.\r\n\r\n====================================================================== \r\n9) About Secunia\r\n\r\nSecunia offers vulnerability management solutions to corporate\r\ncustomers with verified and reliable vulnerability intelligence\r\nrelevant to their specific system configuration:\r\n\r\nhttp://corporate.secunia.com/\r\n\r\nSecunia also provides a publicly accessible and comprehensive advisory\r\ndatabase as a service to the security community and private \r\nindividuals, who are interested in or concerned about IT-security.\r\n\r\nhttp://secunia.com/\r\n\r\nSecunia believes that it is important to support the community and to\r\ndo active vulnerability research in order to aid improving the \r\nsecurity and reliability of software in general:\r\n\r\nhttp://corporate.secunia.com/secunia_research/33/\r\n\r\n\r\nSecunia regularly hires new skilled team members. Check the URL below\r\nto see currently vacant positions:\r\n\r\nhttp://secunia.com/secunia_vacancies/\r\n\r\nSecunia offers a FREE mailing list called Secunia Security Advisories:\r\n\r\nhttp://secunia.com/secunia_security_advisories/ \r\n\r\n====================================================================== \r\n10) Verification \r\n\r\nPlease verify this advisory by visiting the Secunia website:\r\nhttp://secunia.com/secunia_research/2008-33/\r\n\r\nComplete list of vulnerability reports published by Secunia Research:\r\nhttp://secunia.com/secunia_research/\r\n\r\n======================================================================", "edition": 1, "cvss3": {}, "published": "2008-09-04T00:00:00", "title": "Secunia Research: Novell iPrint Client nipplib.dll "IppCreateServerRef()" Buffer Overflow", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2008-2436"], "modified": "2008-09-04T00:00:00", "id": "SECURITYVULNS:DOC:20450", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20450", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}

Novell iPrint Client nipplib.dll ActiveX buffer overflow

Description

Related