OpenVAS Plugins

Current NVT count: 30657
New NVTs this Month: 113 (Last update: 2013-05-20 00:33:23)
New NVTs last Month: 290
Plugin Set: 201305150605

Search Results - 11 NVT(s) found

Novell iPrint Client Multiple Remote Code Execution Vulnerabilities

Copyright (C) 2012 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902674
Filename: secpod_novell_iprint_client_mult_code_exec_vuln.nasl
Dependencies: secpod_novell_prdts_detect_win.nasl

Family: General

CVE: CVE-2011-4185 CVE-2011-4186 CVE-2011-4187
BID: 51926
CVSS: 10.0
Risk factor : Critical

Summary: Check for the version of Novell iPrint Client"

Overview: This host is installed with Novell iPrint Client and is prone to
multiple remote code execution vulnerabilities.

Vulnerability Insight:
The flaws are due to
- An error in nipplib.dll within the 'GetDriverSettings()' function.
- An error within the 'GetPrinterURLList2()' function in the ActiveX Control,
when handling overly long string parameters.
- A boundary error within nipplib.dll, when parsing the 'client-file-name'
parameter.

Impact:
Successful exploitation could allow attackers to execute arbitrary code,
cause buffer overflow or a denial of service condition.

Impact Level: System/Application

Affected Software :
Novell iPrint Client version prior to 5.78

Fix: Upgrade to the Novell iPrint Client version 5.78 or later,
For updates refer to http://download.novell.com/Download?buildid=6_bNby38ERg~

References:
http://osvdb.org/78953
http://osvdb.org/78954
http://osvdb.org/78955
http://secunia.com/advisories/47867/
http://securitytracker.com/id/1026660
http://www.novell.com/support/kb/doc.php?id=7010143
http://www.novell.com/support/kb/doc.php?id=7010144
http://www.novell.com/support/kb/doc.php?id=7010145
http://www.novell.com/support/kb/doc.php?id=7008708

---

Novell File Reporter SRS Tag Arbitrary File Deletion Vulnerability

Copyright (C) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801960
Filename: gb_novell_file_reporter_files_del_vuln_win.nasl
Dependencies: secpod_novell_prdts_detect_win.nasl

Family: Buffer overflow

CVE: CVE-2011-2750
CVSS: 5.0
Risk factor : Medium

Summary: Check for the version of Novell File Reporter"

Overview: This host is installed with Novell File Reporter and is prone to
arbitrary file deletion vulnerability.

Vulnerability Insight:
The flaw is due to an error in the NFR Agent (NFRAgent.exe) when
handling 'OPERATION' and 'CMD' commands in the 'SRS' tag and can be
exploited to delete arbitrary files via a specially crafted SRS request
sent to TCP port 3073.

Impact:
Successful exploitation could allow remote attackers to delete arbitrary
files.

Impact Level: Application

Affected Software/OS:
Novell File Reporter (NFR) before 1.0.4.2

Fix: No solution or patch is available as of 22nd January, 2011. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://download.novell.com/Download?buildid=rCAgCcbPH9s~

References:
http://secunia.com/advisories/45071
http://aluigi.org/adv/nfr_2-adv.txt
http://www.securityfocus.com/archive/1/archive/1/518632/100/0/threaded

---

Novell iPrint Client printer-url Multiple BOF Vulnerabilities (Windows)

Copyright (c) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801951
Filename: gb_novell_iprint_client_printer_url_mult_bof_vuln_win.nasl
Dependencies: secpod_novell_prdts_detect_win.nasl

Family: Buffer overflow

CVE: CVE-2011-1699 CVE-2011-1700 CVE-2011-1701 CVE-2011-1702 CVE-2011-1703 CVE-2011-1704 CVE-2011-1705 CVE-2011-1706 CVE-2011-1707 CVE-2011-1708
CVSS: 9.3
Risk factor : Critical

Summary: Check the version of Novell iPrint Client"

Overview: The host is installed with Novell iPrint Client and is prone to
multiple buffer overflow vulnerabilities.

Vulnerability Insight:
The flaws exists within the 'nipplib' component which is used by both the
ActiveX and Netscape compatible browser plugins. When handling the various
parameters from the user specified printer-url the process blindly copies
user supplied data into a fixed-length buffer on the heap.

Impact:
Successful exploitation could allow attackers to execute arbitrary code under
the context of the browser.

Impact Level: Application

Affected Software/OS:
Novell iPrint Client version prior to 5.64 on windows.

Fix: Upgrade to Novell iPrint Client 5.64 or later,
For the updates refer, http://download.novell.com/Download?buildid=6_bNby38ERg~

References:
http://securitytracker.com/id/1025606
http://www.zerodayinitiative.com/advisories/ZDI-11-172/
http://www.zerodayinitiative.com/advisories/ZDI-11-173/
http://www.zerodayinitiative.com/advisories/ZDI-11-174/
http://www.zerodayinitiative.com/advisories/ZDI-11-175/
http://www.zerodayinitiative.com/advisories/ZDI-11-176/
http://www.zerodayinitiative.com/advisories/ZDI-11-177/
http://www.zerodayinitiative.com/advisories/ZDI-11-178/
http://www.zerodayinitiative.com/advisories/ZDI-11-179/
http://www.zerodayinitiative.com/advisories/ZDI-11-180/
http://www.zerodayinitiative.com/advisories/ZDI-11-181/

---

Novell File Reporter NFRAgent.exe XML Parsing Buffer Overflow Vulnerability

Copyright (C) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801918
Filename: gb_novell_file_reporter_bof_vuln_win.nasl
Dependencies: secpod_novell_prdts_detect_win.nasl

Family: Buffer overflow

CVE: CVE-2011-0994
BID: 47144
CVSS: 10.0
Risk factor : Critical

Summary: Check for the version of Novell File Reporter"

Overview: This host is installed with Novell File Reporter and is prone to
buffer overflow vulnerability.

Vulnerability Insight:
The flaw exists within 'NFRAgent.exe' module, which allows remote attackers
to execute arbitrary code via unspecified XML data to port 3037.

Impact:
Successful exploitation could allow remote attackers to execute arbitrary
code with SYSTEM privileges or cause denial of service.

Impact Level: Application/System

Affected Software/OS:
Novell File Reporter (NFR) before 1.0.2

Fix: Upgrade Novell File Reporter 1.0.2 or later,
For updates refer to http://download.novell.com/Download?buildid=rCAgCcbPH9s~

References:
http://www.zerodayinitiative.com/advisories/ZDI-11-116/
http://www.securityfocus.com/archive/1/archive/1/517321/100/0/threaded

---

Novell iPrint Client ienipp.ocx ActiveX Buffer Overflow Vulnerability

Copyright (c) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902328
Filename: secpod_novell_iprint_client_actvx_bof_vuln_dec10.nasl
Dependencies: secpod_novell_prdts_detect_win.nasl

Family: General

CVE: CVE-2010-4321
BID: 44966
CVSS: 9.3
Risk factor : Critical

Summary: Check the version of Novell iPrint Client"

Overview: The host is installed with Novell iPrint Client and is prone to
Buffer Overflow vulnerability.

Vulnerability Insight:
The flaw is due to an error in 'ienipp.ocx' in the method
'GetDriverSettings' whcih blindly copies user supplied data into a
fixed-length buffer on the stack.

Impact:
Successful exploitation could allow attackers to execute arbitrary code in
the context of the application.

Impact Level: Application

Affected Software/OS:
Novell iPrint Client version 5.52

Fix: Upgrade to Novell iPrint Client version 5.56 or later
http://download.novell.com/Download?buildid=JV7fd0tFHHM~

References:
http://www.zerodayinitiative.com/advisories/ZDI-10-256/
http://www.novell.com/support/viewContent.do?externalId=7007234

---

Novell iPrint Client Multiple Vulnerabilities (windows)

Copyright (c) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902098
Filename: secpod_novell_iprint_client_mult_vuln_win.nasl
Dependencies: secpod_novell_prdts_detect_win.nasl

Family: General

CVE: CVE-2010-3105 CVE-2010-1527
BID: 42576
CVSS: 9.3
Risk factor : Critical

Summary: Check the version of Novell iPrint Client"

Overview: The host is installed with Novell iPrint Client and is prone to
multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to:
- An error in 'PluginGetDriverFile' function, which interprets an uninitialized
memory location as a pointer value.
- An improper bounds checking by the 'call-back-url' parameter for a
'op-client-interface-version' operation. A remote attacker can use an overly
long call-back-url parameter to overflow a buffer and execute arbitrary code
on the system.

Impact:
Successful exploitation could allow attackers to execute arbitrary code, to
cause buffer overflow or cause the application to crash.

Impact Level: Application

Affected Software/OS:
Novell iPrint Client version prior to 5.44 on Windows

Fix: Upgrade to Novell iPrint Client version 5.44 or later
http://www.novell.com/products/openenterpriseserver/iprint.html

References:
http://secunia.com/advisories/40805
http://xforce.iss.net/xforce/xfdb/61220
http://secunia.com/secunia_research/2010-104/
http://www.novell.com/support/viewContent.do?externalId=7006679

---

Novell iPrint Client Multiple Security Vulnerabilities (Windows)

Copyright (c) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801423
Filename: gb_novell_iprint_client_mult_vuln_win.nasl
Dependencies: secpod_novell_prdts_detect_win.nasl

Family: General

CVE: CVE-2010-3109 CVE-2010-3108 CVE-2010-3107 CVE-2010-3106
BID: 42100
CVSS: 9.3
Risk factor : Critical

Summary: Check the version of Novell iPrint Client"

Overview: The host is installed with Novell iPrint Client and is prone to
multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to:
- Error in handling 'ienipp.ocx' ActiveX control.
- Error within the nipplib.dll module that can be reached via the 'ienipp.ocx'
ActiveX control with 'CLSID 36723f97-7aa0-11d4-8919-FF2D71D0D32C'.
- Failure to verify the name of parameters passed via '<embed>' tags.
- Error in handling plugin parameters. A long value for the operation
parameter can trigger a stack-based buffer overflow.

Impact:
Successful exploitation could allow attackers to execute arbitrary code,
delete files on a system.

Impact Level: Application

Affected Software/OS:
Novell iPrint Client version 5.40 and prior.

Fix: Apply patch from below link
http://download.novell.com/Download?buildid=ftwZBxEFjIg~

*****
NOTE : Ignore this warning, if above mentioned patch is applied already.
*****

References:
http://dvlabs.tippingpoint.com/advisory/TPTI-10-06
http://dvlabs.tippingpoint.com/advisory/TPTI-10-05
http://www.zerodayinitiative.com/advisories/ZDI-10-139/
http://www.zerodayinitiative.com/advisories/ZDI-10-140/

---

Novell eDirectory Multiple Vulnerabilities - Jul09 (Win)

Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900599
Filename: secpod_novell_edir_mult_vuln_jul09_win.nasl
Dependencies: secpod_novell_prdts_detect_win.nasl

Family: Denial of Service

CVE: CVE-2009-0192 CVE-2009-2456 CVE-2009-2457
BID: 35666
CVSS: 5.0
Risk factor : Medium

Summary: Check for the version of Novell eDirectory"

Overview: This host is running Novell eDirectory and is prone to multiple
vulnerabilities.

Vulnerability Insight:
- An unspecified error occurs in DSNDSD component while processing malformed
LDAP request containing multiple . (dot) wildcard characters in the Relative
Distinguished Name (RDN).
- An unspecified error occurs in DSNDSD component while processing malformed
bind LDAP packets.
- Off-by-one error occurs in the iMonitor component while processing
malicious HTTP request with a crafted Accept-Language header.

Impact: Successful exploitation allows attackers to crash the service
leading to denial of service condition.

Impact Level: Application

Affected Software/OS:
Novell eDirectory 8.8 before SP5 on Windows.

Fix: Upgrade to Novell eDirectory 8.8 SP5 or later
http://www.novell.com/products/edirectory/

References:
http://secunia.com/advisories/34160
http://www.vupen.com/english/advisories/2009/1883
http://www.novell.com/support/viewContent.do?externalId=3426981

---

Novell iPrint Client Multiple BOF Vulnerabilities (Win)

Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900729
Filename: secpod_novell_iprint_client_mult_bof_vuln_win.nasl
Dependencies: secpod_novell_prdts_detect_win.nasl

Family: Buffer overflow

CVE: CVE-2009-1569 CVE-2009-1568
BID: 37242
CVSS: 9.3
Risk factor : Critical

Summary: Check for the version of Novell iPrint Client"

Overview: This host is running Novell iPrint Client and is prone to multiple
Buffer Overflow vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to inadequate boundary checks on user supplied
inputs while the application processes the input data into the application
context.

Impact:
Successful exploitation lets the remote attacker have a control over the remote
system registers allowing execution of malformed shellcode.

Impact Level: System

Affected Software/OS:
Novell iPrint Client version prior to 5.32

Fix:
Upgrade Novell iPrint Client version to 5.32
http://download.novell.com

References:
http://secunia.com/advisories/37169
http://secunia.com/secunia_research/2009-40/
http://www.vupen.com/english/advisories/2009/3429
http://download.novell.com/Download?buildid=29T3EFRky18~
http://www.securityfocus.com/archive/1/archive/1/508288/100/0/threaded

---

Novell NetIdentity Agent Pointer Dereference Remote Code Execution Vulnerability

Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900341
Filename: secpod_novell_net_idnty_code_exec_vuln.nasl
Dependencies: secpod_novell_prdts_detect_win.nasl

Family: General

CVE: CVE-2009-1350
BID: 34400
CVSS: 10.0
Risk factor : Critical

Summary: Check for the Version of Novell NetIdentity Agent"

Overview: The host is installed with Novell NetIdentity Agent and is prone
to remote code execution vulnerability.

Vulnerability Insight:
Handling of RPC messages over the XTIERRPCPIPE named pipe in 'xtagent.exe',
and sending RPC messages that triggers the dereference of an arbitrary
pointer which can cause remote code execution.

Impact:
Successful exploitation will let the attacker execute arbitrary code in the
context of the affected application with system privileges through a valid
IPC$ connection.

Impact Level: System

Affected Software/OS:
Novell NetIdentity Agent version prior to 1.2.4 on Windows.

Fix: Upgrade to NetIdentity Client version 1.2.4
http://download.novell.com/Download?buildid=6ERQGPjRZ8o~

References:
http://www.vupen.com/english/advisories/2009/0954
http://www.zerodayinitiative.com/advisories/ZDI-09-016
http://securitytracker.com/alerts/2009/Apr/1021990.html
http://www.securityfocus.com/archive/1/archive/1/502514/100/0/threaded

---

Novell Groupwise Client ActiveX Control Buffer Overflow Vulnerability

Copyright (C) 2009 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.800973
Filename: gb_novell_groupwise_client_activex_bof_vuln.nasl
Dependencies: secpod_novell_prdts_detect_win.nasl

Family: Buffer overflow

CVE: CVE-2009-3863
BID: 36398
CVSS: 5.0
Risk factor : Medium

Summary: Check the version of Novell Groupwise Client ActiveX control"

Overview: This host is installed with Novell Groupwise Client ActiveX Control
and is prone to Buffer Overflow vulnerability.

Vulnerability Insight:
A boundary error occurs in Novell Groupwise Client ActiveX control (gxmim1.dll)
while handling overly long arguments passed to the 'SetFontFace()' method.

Impact:
Successful expoitation will allow remote attackers to execute arbitrary
code on the affected system and may crash the client.

Affected Software/OS:
Novell GroupWise Client 7.0.3.1294 and prior on Windows.

Fix:
No solution or patch is available as of 09th November, 2009. Information
regarding this issue will be updated once the solution details are available.
For further updates refer, http://www.novell.com/products/groupwise/

Workaround:
Set the Killbit for the vulnerable CLSID
http://support.microsoft.com/kb/240797

References:
http://www.milw0rm.com/exploits/9683
http://en.securitylab.ru/nvd/387373.php

---