CVE-2007-2954

Novell Client NWSPOOL.DLL Stack Overflow Vulnerability

Severity Score

10.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple stack-based buffer overflows in the Spooler service (nwspool.dll) in Novell Client 4.91 SP2 through SP4 for Windows allow remote attackers to execute arbitrary code via certain long arguments to the (1) RpcAddPrinterDriver, (2) RpcGetPrinterDriverDirectory, and other unspecified RPC requests, aka Novell bug 300870, a different vulnerability than CVE-2006-5854.

Múltiples desbordamientos de búfer en la región stack de la memoria en el servicio Spooler (biblioteca nwspool.dll) en Novell Client versiones 4.91 desde SP2 hasta SP4 para Windows, permite a atacantes remotos ejecutar código arbitrario por medio de ciertos argumentos largos en peticiones RPC (1) RpcAddPrinterDriver, (2) RpcGetPrinterDriverDirectory y otras no especificadas, también se conoce como bug de Novell 300870, una vulnerabilidad diferente de CVE-2006-5854.

This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of the Novell Netware Client. Authentication is not required to exploit this vulnerability.
The specific flaw exists in nwspool.dll which is responsible for handling RPC requests through the spoolss named pipe. Several RPC functions exposed by this DLL do not properly verify argument sizes and subsequently copy user-supplied data to a stack-based buffer resulting in an exploitable overflow.

*Credits: Anonymous

CVSS Scores

NISTv2 10.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-05-31 CVE Reserved
2007-08-06 CVE Published
2024-05-27 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (9)

URL	Tag	Source
http://osvdb.org/37321	Vdb Entry
http://www.zerodayinitiative.com/advisories/ZDI-07-045	X_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/35824	Vdb Entry

URL	Date	SRC

URL	Date	SRC
http://download.novell.com/Download?buildid=VOXNZb-6t_g~	2017-07-29
http://secunia.com/advisories/26374	2017-07-29
http://secunia.com/secunia_research/2007-57/advisory	2017-07-29
http://securitytracker.com/id?1018623	2017-07-29
http://www.securityfocus.com/bid/25474	2017-07-29

URL	Date	SRC
http://www.vupen.com/english/advisories/2007/3006	2017-07-29

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Novell Search vendor "Novell"		Client Search vendor "Novell" for product "Client"				4.91 Search vendor "Novell" for product "Client" and version "4.91"		sp2		Affected
Novell Search vendor "Novell"		Client Search vendor "Novell" for product "Client"				4.91 Search vendor "Novell" for product "Client" and version "4.91"		sp3		Affected
Novell Search vendor "Novell"		Client Search vendor "Novell" for product "Client"				4.91 Search vendor "Novell" for product "Client" and version "4.91"		sp4		Affected