‘Novell iPrint op-printer-list-all-jobs url Code Execution Vulnerability’

Summary

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client.’

Credit:

‘The information has been provided by Ivan Rodriguez Almuina.
The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-11-181/


Details

Vulnerable Systems:
 * Novell iPrint

User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the op-printer-list-all-jobs parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

Patch Availability:
The fix has been documented as
7008726: Security Vulnerability – Novell iPrint op-printer-list-all-jobs url Remote Code Execution Vulnerability TID
http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7008726

CVE Information:
CVE-2011-1707

Disclosure Timeline:
2011-04-04 – Vulnerability reported to vendor
2011-06-06 – Coordinated public release of advisory’

Categories: News