Novell Client NWSPOOL.DLL Unspecified Buffer Overflow Vulnerability
BID:25092
Info
Novell Client NWSPOOL.DLL Unspecified Buffer Overflow Vulnerability
| Bugtraq ID: | 25092 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-6701 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 27 2007 12:00AM |
| Updated: | Apr 16 2015 06:11PM |
| Credit: | TippingPoint Technologies is credited with the discovery of this vulnerability. |
| Vulnerable: |
Novell Client 4.91 SP4 |
| Not Vulnerable: | |
Discussion
Novell Client NWSPOOL.DLL Unspecified Buffer Overflow Vulnerability
Novell Client is prone to a unspecified buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker may exploit this issue to execute arbitrary code within the context of the affected application or crash the application, denying service to legitimate users.
This issue affects Novell Client 4.91 SP4; other versions may also be vulnerable.
Novell Client is prone to a unspecified buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker may exploit this issue to execute arbitrary code within the context of the affected application or crash the application, denying service to legitimate users.
This issue affects Novell Client 4.91 SP4; other versions may also be vulnerable.
Exploit / POC
Novell Client NWSPOOL.DLL Unspecified Buffer Overflow Vulnerability
An exploit is available for members of the Immunity Partner's program. It is not known to be publicly available. Members may obtain the exploit at the following URI:
https://www.immunityinc.com/downloads/immpartners/netware_pp2.tar
An exploit is available for members of the Immunity Partner's program. It is not known to be publicly available. Members may obtain the exploit at the following URI:
https://www.immunityinc.com/downloads/immpartners/netware_pp2.tar
Solution / Fix
Novell Client NWSPOOL.DLL Unspecified Buffer Overflow Vulnerability
Solution:
Novell has released an advisory along with a fix to address this issue. Please see the references for more information.
Novell Client 4.91 SP4
Solution:
Novell has released an advisory along with a fix to address this issue. Please see the references for more information.
Novell Client 4.91 SP4
-
Novell Novell Client 4.91 Post-SP4 NWSPOOL.DLL
http://download.novell.com/Download?buildid=35u0-_z6wT8~
References
Novell Client NWSPOOL.DLL Unspecified Buffer Overflow Vulnerability
References:
References:
- Novell Homepage (Novell)
- ZDI-07-045: Novell Client NWSPOOL.DLL Stack Overflow Vulnerability (ZDI Disclosures)
- Novell Client 4.91 Post-SP4 NWSPOOL.DLL (Novell)
- ZDI-07-045: Novell Client NWSPOOL.DLL Stack Overflow Vulnerability (ZDI Disclosures)