In association with heise online

29 August 2007, 15:15

Update fixes hole in Novell Netware Client

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

A bug in Novell Client can be exploited to crash the software or inject and execute arbitrary code. It resembles the hole that was reported by the Zero-Day Initiative and was fixed no more than a month ago. Novel has released an update to fix the vulnerability.

When processing remote procedure calls (RPCs) to execute software functions via the network, a buffer overflow may occur in nwspool.dll. Affected RPC functions include RpcAddPrinterDriver and RpcGetPrinterDriverDirectory; they cannot handle excess length parameters.

Novell has released an update that fixes the vulnerabilities in the Novell Client 4.91 SP4 reported by ZDI and Secunia. Administrators are advised to install the update as soon as possible, even if they have already installed the previous patch.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit