Home | hacker invade | crack analyzes | hacker course | Exploit | encryption decipher | network management | System crack | the virus to be related | invades the examination | firewall
You are here: hacking technology > System crack > Content
Hot Articles
The Wireshark 1.0.1 edit
Mozilla the Firefox 2.0.
BlueZ the SDP load handl
WeFi journal file local
IntelliTamper HTML resol
IntelliTamper 2.0.7 (htm
ServerView Web connectio
phpMyAdmin long-distance
Microsoft PowerPoint Vie
DC++ many long-distance
VLC the media player WAV
Wordpress XML-RPC connec
PCRE the pcre_compile.c
BlueZ the SDP load handl
Microsoft Windows DNS se
Recommend Articles
Mozilla the Firefox 2.0.
DC++ many long-distance
VLC the media player WAV
The Wireshark 1.0.1 edit
Wordpress XML-RPC connec
ServerView Web connectio
PCRE the pcre_compile.c
phpMyAdmin long-distance
Panda the ActiveScan lon
BlueZ the SDP load handl
1024 CMS many documents
WeFi journal file local
vBulletin adminlog.php r
Microsoft Windows DNS se
Adobe RoboHelp Server he
New Articles
Novell iPrint client sid
vBulletin $newpm[title]
Anzio Web Print Object A
IBM WebSphere the Portal
MailScan Web management
After GnuTLS gnutls_hand
Postfix local informatio
HAVP the sockethandler.c
xine-lib more than 1.1.1
IntelliTamper 2.0.7 (htm
IntelliTamper 2.07 (serv
Microsoft IE XHTML exagg
Microsoft IE MHTML agree
Microsoft PowerPoint Vie
Microsoft PowerPoint Vie
Novell iPrint client side ActiveX controls a security loophole
  Add date: 10/08/2008   Publishing date: 10/08/2008   Hits: 1
Total 2 pages, Current page:1, Jump to page:
 

Issues the date: 2008-08-25
Renewal date: 2008-08-26

Is affected the system:
Novell iPrint Client 5.04
Novell iPrint Client 4.36
Not affected system:
Novell iPrint Client 5.06
Description:
--------------------------------------------------------------------------------
BUGTRAQ ID: 30813
CVE(CAN) ID: CVE-2008-2431, CVE-2008-2432

Novell iPrint printing solution permission user to network printer transmission documents.

Novell the iPrint client side installs ienipp.ocx controls to have many security loopholes, allows the aggressor to read the sensitive information, or invasion subscriber system.

1) ienipp.ocx controls when processes the GetDriverFile() way to have the stack overflow, if transmitted ultra long string of character to this way's third parameter to be possible to trigger this overflow.

2) ienipp.ocx controls when founds URI based on GetPrinterURLList() and GetPrinterURLList2() way's input has the stack overflow, if transmitted ultra long string of character to these way's first parameter to be possible to trigger this overflow.

3) ienipp.ocx controls when processes the GetFileList() way the ultra length parameter to exist piles the overflow.

4) nipplib.dll, in the foundation server-side include or explained when URI exists piles the overflow and the stack overflow loophole. If to GetServerVersion(), GetResourceList() or the DeleteResource() way has transmitted ultra long string of character, may trigger these overflows.

5) ienipp.ocx controls when founds URI based on UploadPrinterDriver() and the UploadResource() way's input exists piles the overflow and the stack overflow loophole, the long-distance aggressor may trigger these overflows through the ultra long uploadPath parameter.

6) ienipp.ocx controls when the copy transmits for ExecuteRequest() the way ultra length target-fram option value has the stack overflow loophole.

7) ienipp.ocx controls when processes the UploadResource() way to have the stack overflow, if transmitted ultra long string of character to this way's seventh parameter to be possible to trigger this overflow.

8) in the nipplib.dll IppGetDriverSettings() function has three stack overflow loopholes, if to the GetDriverSettings() way second, third or the fourth parameter transmitted ultra long string of character to be possible to trigger these overflows.

9) ienipp.ocx controls in the UploadResourceToRMS way to have the stack overflow loophole, if transmitted ultra long string of character to this way's eighth parameter to be possible to trigger this overflow.

10) the GetFileList() way returns to .jpg, .jpeg, .gif and the .bmp graph tabulation in the table of contents which the parameter assigns, this allows the aggressor to obtain in the subscriber system random catalog the graphic file name, including user's My Pictures/Pictures folder.

<* origin: Carsten Eiram
 
  Link: http://secunia.com/secunia_research/2008-30/advisory/
        http://secunia.com/secunia_research/2008-27/advisory/
*>

Suggested:

 

Other pages: : 1 * 2 * Next>>
Prev:vBulletin $newpm[title] parameter cross station script crack

Comment:

Category: Home > System crack
Home