Novell iPrint Server Queue Name Code Execution Vulnerability

Summary

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Server.

Credit:

The information has been provided by Francis Provencher.
The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-10-138/


Details

Vulnerable Systems:
Novell iPrint

Authentication is not required to exploit this vulnerability. The flaw exists within the ‘/opt/novell/iprint/bin/ipsmd’ component; this component communicates with ‘ilprsrvd’, which listens on TCP port 515. When handling an LPR opcode 0x01 packet, the process blindly copies user-supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the iprint user.
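A bounds-checked parser for the request described above, as an added example (not Novell's code and not part of the advisory). It assumes the RFC 1179 layout for command 0x01 (opcode byte, queue name, LF); the function name, error codes, 32-byte destination and printable-ASCII restriction are illustrative choices.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LPR_OP_PRINT_WAITING 0x01 /* RFC 1179 5.1: 0x01 | queue | LF */

enum lpr_err { LPR_OK = 0, LPR_SHORT = -1, LPR_BAD_OP = -2, LPR_NO_LF = -3,
               LPR_EMPTY = -4, LPR_TOO_LONG = -5, LPR_BAD_CHAR = -6 };

/* Parse "0x01 <queue> LF" from an untrusted buffer into out[out_sz].
 * The name length is checked against the destination before any copy. */
int lpr_parse_queue(const unsigned char *pkt, size_t len, char *out, size_t out_sz)
{
    if (len < 2)
        return LPR_SHORT;
    if (pkt[0] != LPR_OP_PRINT_WAITING)
        return LPR_BAD_OP;

    /* Search only within the bytes received; never assume a terminator. */
    const unsigned char *lf = memchr(pkt + 1, '\n', len - 1);
    if (lf == NULL)
        return LPR_NO_LF;

    size_t qlen = (size_t)(lf - (pkt + 1));
    if (qlen == 0)
        return LPR_EMPTY;
    if (qlen >= out_sz)            /* leave room for the NUL */
        return LPR_TOO_LONG;       /* reject; do not truncate or overflow */

    for (size_t i = 0; i < qlen; i++)   /* assumed policy: printable, no spaces */
        if (pkt[1 + i] <= 0x20 || pkt[1 + i] >= 0x7f)
            return LPR_BAD_CHAR;

    memcpy(out, pkt + 1, qlen);
    out[qlen] = '\0';
    return LPR_OK;
}

int main(void)
{
    char queue[32] = "";           /* assumed size, not the product's buffer */
    /* Constructed sample requests, not captured traffic. */
    const unsigned char ok[] = { 0x01, 'l', 'p', '0', '\n' };
    unsigned char big[202] = { 0x01 };
    memset(big + 1, 'A', 200);
    big[201] = '\n';
    printf("big -> %d\n", lpr_parse_queue(big, sizeof big, queue, sizeof queue));
    printf("ok  -> %d\n", lpr_parse_queue(ok, sizeof ok, queue, sizeof queue));
    return 0;
}
```

Rejecting an over-long name outright, rather than truncating it, also gives the listener a clear event to log for requests arriving on TCP port 515.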

Patch Availability:
Novell has issued an update to correct this vulnerability. More details can be found at:
http://download.novell.com/Download?buildid=ftwZBxEFjIg~

Disclosure Timeline:
2010-07-20 – Vulnerability reported to vendor
2010-08-05 – Coordinated public release of advisory

Categories: UNIX