Update fixes hole in Novell Netware Client
A bug in Novell Client can be exploited to crash the software or inject and execute arbitrary code. It resembles the hole that was reported by the Zero-Day Initiative and was fixed no more than a month ago. Novel has released an update to fix the vulnerability.
When processing remote procedure calls (RPCs) to execute software functions via the network, a buffer overflow may occur in nwspool.dll. Affected RPC functions include RpcAddPrinterDriver and RpcGetPrinterDriverDirectory; they cannot handle excess length parameters.
Novell has released an update that fixes the vulnerabilities in the Novell Client 4.91 SP4 reported by ZDI and Secunia. Administrators are advised to install the update as soon as possible, even if they have already installed the previous patch.
- Download of the update (field test file) provided by Novell
- Novell Client NWSPOOL.DLL Buffer Overflow Vulnerabilities, security advisory by Secunia
- Novell patches security vulnerability in NetWare Client for Windows, heise Security news of July 30, 2007