CVE-2006-5854 – Novell Netware Client Print Provider Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2006-5854
Multiple buffer overflows in the Spooler service (nwspool.dll) in Novell Netware Client 4.91 through 4.91 SP2 allow remote attackers to execute arbitrary code via a long argument to the (1) EnumPrinters and (2) OpenPrinter functions. Múltiples desbordamientos de búfer en el servicio de Spooler(nwspool.dll) en Novell Netware Client 4.91 hasta 4.91 SP2 permite a atacantes remotos ejecutar código de su elección a través de un gran argumentos a las funciones (1) EnumPrinters y (2) OpenPrinter. This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of the Novell Netware Client. Authentication is not required to exploit this vulnerability. The specific flaw exists in a print provider installed by the Netware Client. The nwspool.dll library does not properly handle long arguments to the Win32 EnumPrinters() and OpenPrinter() functions. • https://www.exploit-db.com/exploits/3220 https://www.exploit-db.com/exploits/29146 http://secunia.com/advisories/23027 http://securitytracker.com/id?1017263 http://securitytracker.com/id?1017315 http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974765.htm http://www.kb.cert.org/vuls/id/300636 http://www.kb.cert.org/vuls/id/653076 http://www.novell.com/support/search.do?cmd=displayKC&externalId=3125538&sliceId=SAL_Public http://www.securityfocus.com/archive/1/ •
CVE-2006-2185
https://notcve.org/view.php?id=CVE-2006-2185
PORTAL.NLM in Novell Netware 6.5 SP5 writes the username and password in cleartext to the abend.log log file when the groupOperationsMethod function fails, which allows context-dependent attackers to gain privileges. • http://secunia.com/advisories/20288 http://securitytracker.com/id?1016106 http://support.novell.com/cgi-bin/search/searchtid.cgi?2973698.htm http://www.osvdb.org/25780 http://www.securityfocus.com/bid/18017 http://www.vupen.com/english/advisories/2006/1829 https://exchange.xforce.ibmcloud.com/vulnerabilities/26488 •
CVE-2006-2327
https://notcve.org/view.php?id=CVE-2006-2327
Multiple integer overflows in the DPRPC library (DPRPCNLM.NLM) NDPS/iPrint module in Novell Distributed Print Services in Novell NetWare 6.5 SP3, SP4, and SP5 allow remote attackers to execute arbitrary code via an XDR encoded array with a field that specifies a large number of elements, which triggers the overflows in the ndps_xdr_array function. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046048.html http://securitytracker.com/id?1016068 http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973700.htm http://www.hustlelabs.com/novell_ndps_advisory.pdf http://www.osvdb.org/25433 http://www.securityfocus.com/archive/1/434017/100/0/threaded http://www.securityfocus.com/bid/17922 http://www.vupen.com/english/advisories/2006/1740 https://exchange.xforce.ibmcloud.com/vulnerabilities/26314 • CWE-189: Numeric Errors •
CVE-2006-0997
https://notcve.org/view.php?id=CVE-2006-0997
The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) permits encryption with a NULL key, which results in cleartext communication that allows remote attackers to read an SSL protected session by sniffing network traffic. • http://secunia.com/advisories/19324 http://securitytracker.com/id?1015799 http://support.novell.com/cgi-bin/search/searchtid.cgi?10100633.htm http://www.osvdb.org/24046 http://www.securityfocus.com/bid/17176 http://www.vupen.com/english/advisories/2006/1043 https://exchange.xforce.ibmcloud.com/vulnerabilities/25380 •
CVE-2006-0998
https://notcve.org/view.php?id=CVE-2006-0998
The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) sometimes selects a weak cipher instead of an available stronger cipher, which makes it easier for remote attackers to sniff and decrypt an SSL protected session. La implementación del servidor SSL en NILE.NLM en Novell NetWare 6.5 y Novell Open Enterprise Server (OES) a veces selecciona un cifrado débil en lugar de un cifrado más fuerte disponible, lo que facilita a atacantes remotos rastrear y descifrar una sesión SSL protegida. • http://secunia.com/advisories/19324 http://securitytracker.com/id?1015799 http://support.novell.com/cgi-bin/search/searchtid.cgi?10100633.htm http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html http://www.osvdb.org/24047 http://www.securityfocus.com/bid/17176 http://www.securityfocus.com/bid/64758 http://www.vupen.com/english/advisories/2006/1043 https://exchange.xforce.ibmcloud.com/vulnerabilities/25381 •