Novell iPrint Client 'IppCreateServerRef()'远程缓冲区溢出漏洞

2008-09-10T00:00:00
ID SSV:3977
Type seebug
Reporter Root
Modified 2008-09-10T00:00:00

Description

BUGTRAQ ID: 30986 CVE ID:CVE-2008-2436 CNCVE ID:CNCVE-20083536

Novell iPrint Client打印解决方案允许用户向网络打印机发送文档。 Novell iPrint Client包含的nipplib.dll存在边界错误,远程攻击者可以利用漏洞以应用程序权限执行任意指令。 问题存在于nipplib.dll的"IppCreateServerRef()"函数中,传递超长特殊构建的字符串作为"GetPrinterURLList()", "GetPrinterURLList2()", 或"GetFileList2()"函数参数,可触发基于堆的缓冲区溢出,造成任意指令执行。

Novell iPrint Client 5.06 Novell iPrint Client 5.04 Novell iPrint Client 4.36 可升级到Novell iPrint Client 4.38和5.08版本: <a href=http://download.novell.com/Download?buildid=3q-_lVDVRFI~ target=_blank>http://download.novell.com/Download?buildid=3q-_lVDVRFI~</a> <a href=http://download.novell.com/Download?buildid=dv_yn4TOPmQ~ target=_blank>http://download.novell.com/Download?buildid=dv_yn4TOPmQ~</a>