‘Novell iPrint Client Browser Plugin Parameter Name Code Execution’

Summary

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Novell iPrint Client browser plugin.’

Credit:

‘The information has been provided by Ivan Almuina.
The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-10-139/


Details

Vulnerable Systems:
Novell iPrint

User interaction is required in that a target must visit a malicious web page. The specific flaw exists within handling plugin parameters. The application does not properly verify the name of parameters passed via tags. If a malicious attacker provides a long enough value a destination buffer can be overflowed. Successful exploitation leads to execution of arbitrary code under the context of the user owning the browser process.

Patch Availability:
Novell has issued an update to correct this vulnerability. More details can be found at:
http://download.novell.com/Download?buildid=ftwZBxEFjIg~

Disclosure Timeline:
2010-06-02 – Vulnerability reported to vendor
2010-08-05 – Coordinated public release of advisory’

Categories: UNIX