CVE-2008-0639
Novell Client NWSPOOL.DLL EnumPrinters Stack Overflow Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Stack-based buffer overflow in the EnumPrinters function in the Spooler service (nwspool.dll) in Novell Client 4.91 SP2, SP3, and SP4 for Windows allows remote attackers to execute arbitrary code via a crafted RPC request, aka Novell bug 353138, a different vulnerability than CVE-2006-5854. NOTE: this issue exists because of an incomplete fix for CVE-2007-6701.
Desbordamiento de búfer basado en pila en la función EnumPrinters del servicio Spooler en Novell Client 4.91 SP2, SP3 y SP4 para Windows, permite a atacantes remotos ejecutar código de su elección mediante una petición RPC manipulada, también conocida como Novell bug 353138, una vulnerabilidad diferente a la CVE-2006-5854. NOTA: este problema se produce debido a un parche incompleto para CVE-2007-6701.
This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of the Novell Netware Client. Authentication is not required to exploit this vulnerability.
The specific flaw exists in nwspool.dll which is responsible for handling RPC requests through the spoolss named pipe. The EnumPrinters function exposed by this DLL contains a logical flaw allowing an attacker to bypass a patch introduced to prevent the vulnerability described in ZDI-07-045. Exploitation of this vulnerability leads to arbitrary code execution in the context of the SYSTEM user.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-02-06 CVE Reserved
- 2008-02-11 CVE Published
- 2024-08-07 CVE Updated
- 2024-11-09 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5008300.html | X_refsource_confirm | |
| http://www.securityfocus.com/archive/1/487980/100/0/threaded | Mailing List | |
| http://www.securitytracker.com/id?1019366 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2008/0496 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://download.novell.com/Download?buildid=SszG22IIugM~ | 2018-10-15 | |
| http://marc.info/?l=full-disclosure&m=120276962211348&w=2 | 2018-10-15 | |
| http://secunia.com/advisories/28895 | 2018-10-15 | |
| http://www.securityfocus.com/bid/27741 | 2018-10-15 | |
| http://www.zerodayinitiative.com/advisories/ZDI-08-005.html | 2018-10-15 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Novell Search vendor "Novell" | Client Search vendor "Novell" for product "Client" | 4.91 Search vendor "Novell" for product "Client" and version "4.91" | sp2 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Novell Search vendor "Novell" | Client Search vendor "Novell" for product "Client" | 4.91 Search vendor "Novell" for product "Client" and version "4.91" | sp3 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Novell Search vendor "Novell" | Client Search vendor "Novell" for product "Client" | 4.91 Search vendor "Novell" for product "Client" and version "4.91" | sp4 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|