CVE-2011-3173 – Novell iPrint Client nipplib.dll GetDriverSettings Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-3173
Stack-based buffer overflow in the GetDriverSettings function in nipplib.dll in the iPrint client in Novell Open Enterprise Server 2 (aka OES2) SP3 allows remote attackers to execute arbitrary code via a long (1) hostname or (2) port field. Desbordamiento de búfer basado en la pila en la función GetDriverSettings en nipplib.dll en el cliente iPrint en Novell Open Enterprise Server 2 (también conocido como OES2) SP3 permite a atacantes remotos ejecutar código de su elección a través de (1) 'hostname' largo o (2) 'port field'. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib.dll component. When handling the exposed method GetDriverSettings the application assembles a string for logging consisting of the hostname/port provided as a parameter. • http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5117030.html http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5117031.html http://www.novell.com/support/viewContent.do?externalId=7009676 http://www.zerodayinitiative.com/advisories/ZDI-11-309 https://bugzilla.novell.com/show_bug.cgi?id=707730 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-4328 – Novell iPrint LPD Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-4328
Multiple stack-based buffer overflows in opt/novell/iprint/bin/ipsmd in Novell iPrint for Linux Open Enterprise Server 2 SP2 and SP3 allow remote attackers to execute arbitrary code via unspecified LPR opcodes. Múltiples desbordamientos de búfer basados en pila en opt/novell/iPrint/bin/ipsmd en Novell iPrint para Linux Open Enterprise Server v2 SP2 y SP3 permiten a atacantes remotos ejecutar código de su elección a través de códigos de operación LPR no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Server. Authentication is not required to exploit this vulnerability. The flaw exists within the '/opt/novell/iprint/bin/ipsmd' component this component communicates with 'ilprsrvd' which listens on TCP port 515. When handling multiple LPR opcodes the process blindly copies user supplied data into a fixed-length buffer on the stack. • https://www.exploit-db.com/exploits/16192 http://download.novell.com/Download?buildid=KloKR_CmrBs~ http://osvdb.org/70852 http://secunia.com/advisories/43281 http://securityreason.com/securityalert/8096 http://www.novell.com/support/viewContent.do?externalId=7007858&sliceId=1 http://www.securityfocus.com/archive/1/516506/100/0/threaded http://www.securityfocus.com/bid/46309 http://www.securitytracker.com/id?1025074 http://www.vupen.com/english/advisories/2011/0353 http://ww • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •