SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:   Application (Generic)  >   Novell iPrint Vendors:   Novell
Novell iPrint Client Browser Plugin Bugs Let Remote Users Delete Files and Execute Arbitrary Code
SecurityTracker Alert ID:  1024270
SecurityTracker URL:  http://securitytracker.com/id?1024270
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Updated:  Aug 13 2010
Original Entry Date:  Jul 31 2010
Impact:   Disclosure of system information, Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 5.42
Description:   Several vulnerabilities reported in Novell iPrint. A remote user can execute arbitrary code on the target system. A remote user can delete files on the target system.

A remote user can exploit flaws in the Novell iPrint Client browser plugin to execute arbitrary code or delete files on the target system.

Ivan Almuina reported some of these vulnerabilities via TippingPoint's Zero Day Initiative. Aaron Portnoy of TippingPoint DVLabs reported some of these vulnerabilities. Francis Provencher for Protek Research Lab's reported one of these vulnerabilities via TippingPoint's Zero Day Initiative.
Impact:   A remote user can execute arbitrary code on the target system.

A remote user can delete files on the target system.
Solution:   The vendor has issued a fix (5.42).

The vendor's advisory is available at:

http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5078392.html
Vendor URL:  support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5078392.html (Links to External Site)
Cause:   Not specified
Underlying OS:   Windows (7), Windows (Vista), Windows (XP)

Message History:   None.

 Source Message Contents
Date:  Fri, 30 Jul 2010 23:03:57 +0000
Subject:  Novell iPrint Client


http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5078392.html

ZDI-CAN-745: "Novell iPrint Client Browser Plugin Parameter Name Remote Code Execution." This vulnerability was discovered by Ivan Almuina, working with TippingPoint's Zero Day Iniative. CVE assignment pending.

ZDI-CAN-754: "Novell iPrint Client Browser Plugin Remote Code Execution Vulnerability." This vulnerability was discovered by Ivan Almuina, working with TippingPoint's Zero Day Iniative. CVE assignment pending.

ZDI-CAN-858: "Novell iPrint Client Browser Plugin Execute Request debug Parameter Remote Code Execution." This vulnerability was discovered by Aaron Portnoy, TippingPoint DVLabs. CVE assignment pending.

ZDI-CAN-867: "Novell iPrint Client Browser Plugin Remote File Deletion Vulnerability." This vulnerability was discovered by Aaron Portnoy, TippingPoint DVLabs. CVE assignment pending.


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2010, SecurityGlobal.net LLC