Vulnerabilities in Novell iPrint client closed
Secunia has noted a number of critical vulnerabilities in the Novell iPrint web-based client which can allow an attacker to remotely control a system. The problems are caused by buffer overflows when parsing an overly long parameter.
According to reports, victims need only visit a malicious web site for a successful attack to take place. The issues affect Novell iPrint versions 4.38 to 5.30. An update to version 5.32 closes the holes.
See also:
- Secunia Research:Novell iPrint Client Date/Time Parsing Buffer Overflow
- Secunia Research:Novell iPrint Client "target-frame" Parameter Buffer Overflow
(djwm)