Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в Novell iPrint
Опубликовано:11 июня 2011 г.
Источник:
SecurityVulns ID:11725
Тип:клиент
Уровень опасности:
6/10
Описание:Выполнение кода через URI и куки op-printer-list-all-jobs, многочисленные выполнения кода через ActiveX.
Затронутые продукты:NOVELL : iPrint Client 5.63
CVE:CVE-2011-1708 (Stack-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted op-printer-list-all-jobs cookie.)
 CVE-2011-1707 (Stack-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted op-printer-list-all-jobs parameter in a printer-url.)
 CVE-2011-1706 (Stack-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted iprint-client-config-info parameter in a printer-url.)
 CVE-2011-1705 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted client-file-name parameter in a printer-url.)
 CVE-2011-1704 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted core-package parameter in a printer-url.)
 CVE-2011-1703 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted driver-version parameter in a printer-url.)
 CVE-2011-1702 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted file-date-time parameter in a printer-url.)
 CVE-2011-1701 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted profile-name parameter in a printer-url.)
 CVE-2011-1700 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted profile-time parameter in a printer-url.)
 CVE-2011-1699 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted uri parameter in a printer-url.)
Оригинальный текстdocumentZDI, ZDI-11-172: Novell iPrint nipplib.dll uri Remote Code Execution Vulnerability (11.06.2011)
 documentZDI, ZDI-11-173: Novell iPrint nipplib.dll profile-time Remote Code Execution Vulnerability (11.06.2011)
 documentZDI, ZDI-11-174: Novell iPrint nipplib.dll profile-name Remote Code Execution Vulnerability (11.06.2011)
 documentZDI, ZDI-11-175: Novell iPrint nipplib.dll file-date-time Remote Code Execution Vulnerability (11.06.2011)
 documentZDI, ZDI-11-176: Novell iPrint nipplib.dll driver-version Remote Code Vulnerability (11.06.2011)
 documentZDI, ZDI-11-177: Novell iPrint nipplib.dll core-package Remote Code Execution Vulnerability (11.06.2011)
 documentZDI, ZDI-11-178: Novell iPrint nipplib.dll client-file-name Remote Code Execution Vulnerability (11.06.2011)
 documentZDI, ZDI-11-179: Novell iPrint nipplib.dll iprint-client-config-info Remote Code Execution Vulnerability (11.06.2011)
 documentZDI, ZDI-11-180: Novell iPrint op-printer-list-all-jobs cookie Remote Code Execution Vulnerability (11.06.2011)
 documentZDI, ZDI-11-181: Novell iPrint op-printer-list-all-jobs url Remote Code Execution Vulnerability (11.06.2011)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород