CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
97.2%
The version of Novell iPrint Client installed on the remote host is prior to 5.64. It is, therefore, affected by one or more of the following vulnerabilities in the nipplib.dll component, as used by both types of browser plugins, that can allow for arbitrary code execution :
The uri parameter from user specified printer-url is not properly handled before passing it to a fixed-length buffer on the heap. (ZDI-11-172 / CVE-2011-1699)
The profile-time parameter from the user specified printer-url is not properly handled before passing it to a fixed-length buffer on the heap.
(ZDI-11-173 / CVE-2011-1700)
The profile-name parameter from the user specified printer-url is not properly handled before passing it to a fixed-length buffer on the heap.
(ZDI-11-174 / CVE-2011-1701)
The file-date-time parameter from the user specified printer-url is not properly handled before passing it to a fixed-length buffer on the heap.
(ZDI-11-175 / CVE-2011-1702)
The driver-version parameter from the user specified printer-url is not properly handled before passing it to a fixed-length buffer on the heap.
(ZDI-11-176 / CVE-2011-1703)
The core-package parameter from the user specified printer-url is not properly handled before passing it to a fixed-length buffer on the heap.
(ZDI-11-177 / CVE-2011-1704)
The client-file-name parameter from the user specified printer-url is not properly handled before passing it to a fixed-length buffer on the heap.
(ZDI-11-178 / CVE-2011-1705)
The iprint-client-config-info parameter from the user specified printer-url is not properly handled before passing it to a fixed-length buffer on the heap.
(ZDI-11-179 / CVE-2011-1706)
The op-printer-list-all-jobs cookie parameter from the user specified printer-url is not properly handled before passing it to a fixed-length buffer on the heap.
(ZDI-11-180 / CVE-2011-1708)
The op-printer-list-all-jobs url parameter from the user specified printer-url is not properly handled before passing it to a fixed-length buffer on the heap.
(ZDI-11-181 / CVE-2011-1707)
#
# (C) Tenable Network Security, Inc.
#
if (NASL_LEVEL < 3000) exit(0);
include("compat.inc");
if (description)
{
script_id(54988);
script_version("1.8");
script_cvs_date("Date: 2018/11/15 20:50:27");
script_cve_id(
"CVE-2011-1699",
"CVE-2011-1700",
"CVE-2011-1701",
"CVE-2011-1702",
"CVE-2011-1703",
"CVE-2011-1704",
"CVE-2011-1705",
"CVE-2011-1706",
"CVE-2011-1707",
"CVE-2011-1708"
);
script_bugtraq_id(48124);
script_xref(name:"Secunia", value:"44811");
script_xref(name:"ZDI", value:"ZDI-11-172");
script_xref(name:"ZDI", value:"ZDI-11-173");
script_xref(name:"ZDI", value:"ZDI-11-174");
script_xref(name:"ZDI", value:"ZDI-11-175");
script_xref(name:"ZDI", value:"ZDI-11-176");
script_xref(name:"ZDI", value:"ZDI-11-177");
script_xref(name:"ZDI", value:"ZDI-11-178");
script_xref(name:"ZDI", value:"ZDI-11-179");
script_xref(name:"ZDI", value:"ZDI-11-180");
script_xref(name:"ZDI", value:"ZDI-11-181");
script_name(english:"Novell iPrint Client < 5.64 Multiple Vulnerabilities");
script_summary(english:"Checks version of Novell iPrint Client.");
script_set_attribute(
attribute:"synopsis",
value:
"The remote host contains an application that is affected by multiple
vulnerabilities."
);
script_set_attribute(
attribute:"description",
value:
"The version of Novell iPrint Client installed on the remote host is
prior to 5.64. It is, therefore, affected by one or more of the
following vulnerabilities in the nipplib.dll component, as used by
both types of browser plugins, that can allow for arbitrary code
execution :
- The uri parameter from user specified printer-url is
not properly handled before passing it to a fixed-length
buffer on the heap. (ZDI-11-172 / CVE-2011-1699)
- The profile-time parameter from the user specified
printer-url is not properly handled before passing it to
a fixed-length buffer on the heap.
(ZDI-11-173 / CVE-2011-1700)
- The profile-name parameter from the user specified
printer-url is not properly handled before passing it to
a fixed-length buffer on the heap.
(ZDI-11-174 / CVE-2011-1701)
- The file-date-time parameter from the user specified
printer-url is not properly handled before passing it to
a fixed-length buffer on the heap.
(ZDI-11-175 / CVE-2011-1702)
- The driver-version parameter from the user specified
printer-url is not properly handled before passing it to
a fixed-length buffer on the heap.
(ZDI-11-176 / CVE-2011-1703)
- The core-package parameter from the user specified
printer-url is not properly handled before passing it to
a fixed-length buffer on the heap.
(ZDI-11-177 / CVE-2011-1704)
- The client-file-name parameter from the user specified
printer-url is not properly handled before passing it to
a fixed-length buffer on the heap.
(ZDI-11-178 / CVE-2011-1705)
- The iprint-client-config-info parameter from the user
specified printer-url is not properly handled before
passing it to a fixed-length buffer on the heap.
(ZDI-11-179 / CVE-2011-1706)
- The op-printer-list-all-jobs cookie parameter from the
user specified printer-url is not properly handled
before passing it to a fixed-length buffer on the heap.
(ZDI-11-180 / CVE-2011-1708)
- The op-printer-list-all-jobs url parameter from the user
specified printer-url is not properly handled before
passing it to a fixed-length buffer on the heap.
(ZDI-11-181 / CVE-2011-1707)"
);
script_set_attribute(attribute:"see_also", value:"http://download.novell.com/Download?buildid=6_bNby38ERg~");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-172/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-173/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-174/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-175/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-176/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-177/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-178/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-179/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-180/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-181/");
script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/518266/30/0/threaded");
script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/518267/30/0/threaded");
script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/518269/30/0/threaded");
script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/518270/30/0/threaded");
script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/518271/30/0/threaded");
script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/518268/30/0/threaded");
script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/518272/30/0/threaded");
script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/518273/30/0/threaded");
script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/518274/30/0/threaded");
script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/518275/30/0/threaded");
script_set_attribute(attribute:"solution", value:"Upgrade to Novell iPrint Client 5.64 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2011/06/06");
script_set_attribute(attribute:"patch_publication_date", value:"2011/06/06");
script_set_attribute(attribute:"plugin_publication_date", value:"2011/06/07");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:novell:iprint");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
script_dependencies("novell_iprint_532.nasl");
script_require_keys("SMB/Novell/iPrint/Version");
script_require_ports(139, 445);
exit(0);
}
include("global_settings.inc");
include("misc_func.inc");
kb_base = "SMB/Novell/iPrint/";
version = get_kb_item_or_exit(kb_base+"Version");
version_ui = get_kb_item_or_exit(kb_base+"Version_UI");
dll = get_kb_item_or_exit(kb_base+"DLL");
fixed_version = "5.6.4.0";
fixed_version_ui = "5.64";
if (ver_compare(ver:version, fix:fixed_version) == -1)
{
if (report_verbosity > 0)
{
path = get_kb_item(kb_base+"Path");
if (isnull(path)) path = 'n/a';
report =
'\n File : '+dll+
'\n Installed version : '+version_ui+
'\n Fixed version : '+fixed_version_ui+'\n';
security_hole(port:get_kb_item("SMB/transport"), extra:report);
}
else security_hole(get_kb_item("SMB/transport"));
}
else exit(0, "The host is not affected since Novell iPrint Client "+version_ui+" is installed.");
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1699
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1700
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1701
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1702
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1703
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1704
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1705
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1706
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1707
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1708
download.novell.com/Download?buildid=6_bNby38ERg~
www.securityfocus.com/archive/1/518266/30/0/threaded
www.securityfocus.com/archive/1/518267/30/0/threaded
www.securityfocus.com/archive/1/518268/30/0/threaded
www.securityfocus.com/archive/1/518269/30/0/threaded
www.securityfocus.com/archive/1/518270/30/0/threaded
www.securityfocus.com/archive/1/518271/30/0/threaded
www.securityfocus.com/archive/1/518272/30/0/threaded
www.securityfocus.com/archive/1/518273/30/0/threaded
www.securityfocus.com/archive/1/518274/30/0/threaded
www.securityfocus.com/archive/1/518275/30/0/threaded
www.zerodayinitiative.com/advisories/ZDI-11-172/
www.zerodayinitiative.com/advisories/ZDI-11-173/
www.zerodayinitiative.com/advisories/ZDI-11-174/
www.zerodayinitiative.com/advisories/ZDI-11-175/
www.zerodayinitiative.com/advisories/ZDI-11-176/
www.zerodayinitiative.com/advisories/ZDI-11-177/
www.zerodayinitiative.com/advisories/ZDI-11-178/
www.zerodayinitiative.com/advisories/ZDI-11-179/
www.zerodayinitiative.com/advisories/ZDI-11-180/
www.zerodayinitiative.com/advisories/ZDI-11-181/