News
Vigil@nce - Novell iPrint Client: buffer overflow of op-client-interface-version
August 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can use "op-client-interface-version" with a return type of "url" and a very long parameter "call-back-url" in order to create a buffer overflow on the client machine.
Severity: 2/4
Creation date: 23/08/2010
DESCRIPTION OF THE VULNERABILITY
Novell iPrint Client is an application for Windows which is used to manage document printing with the Novell iPrint Server.
The "op-client-interface-version" returns the version associated with the plug-in’s HTML interface. It returns either an URL, a cookie or an object. In case of a returned URL (via call-back-url), the client incorrectly verify the size of the URL leading to a buffer overflow.
An attacker can therefore use "op-client-interface-version" with a return type of "url" and a very long parameter "call-back-url" in order to create a buffer overflow on the client machine.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
GOLD SPONSOR
