Vulnerability Details : CVE-2008-2431

Multiple buffer overflows in Novell iPrint Client before 5.06 allow remote attackers to execute arbitrary code by calling the Novell iPrint ActiveX control (aka ienipp.ocx) with (1) a long third argument to the GetDriverFile method; a long first argument to the (2) GetPrinterURLList or (3) GetPrinterURLList2 method; (4) a long argument to the GetFileList method; a long argument to the (5) GetServerVersion, (6) GetResourceList, or (7) DeleteResource method, related to nipplib.dll; a long uploadPath argument to the (8) UploadPrinterDriver or (9) UploadResource method, related to URIs; (10) a long seventh argument to the UploadResource method; a long string in the (11) second, (12) third, or (13) fourth argument to the GetDriverSettings method, related to the IppGetDriverSettings function in nipplib.dll; or (14) a long eighth argument to the UploadResourceToRMS method.
Publish Date : 2008-11-26 Last Update Date : 2017-08-08

Collapse All Expand All Select Select&Copy	Scroll To Vendor Statements(0) Additional Vendor Data(0) OVAL Definitions(0) Vulnerable Products(0) # Of Vulns By Products References(0) Metasploit Modules(0)	Comments View User Comments Add Comment	External Links Secunia Advisories XForce Advisories Vulnerability Details at NVD Vulnerability Details at Mitre Nessus Plugins Linux Kernel Git Repository First CVSS Guide
Search Twitter Search YouTube Search Google

- CVSS Scores & Vulnerability Types

CVSS Score	9.3
Confidentiality Impact	Complete (There is total information disclosure, resulting in all system files being revealed.)
Integrity Impact	Complete (There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.)
Availability Impact	Complete (There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.)
Access Complexity	Medium (The access conditions are somewhat specialized. Some preconditions must be satistified to exploit)
Authentication	Not required (Authentication is not required to exploit the vulnerability.)
Gained Access	None
Vulnerability Type(s)	Execute CodeOverflow
CWE ID	119

- Products Affected By CVE-2008-2431

#	Product Type	Vendor	Product	Version	Update	Edition	Language
1	Application	Novell	Iprint	*	*	*	*	Version Details Vulnerabilities
2	Application	Novell	Iprint	4.26	*	*	*	Version Details Vulnerabilities
3	Application	Novell	Iprint	4.27	*	*	*	Version Details Vulnerabilities
4	Application	Novell	Iprint	4.28	*	*	*	Version Details Vulnerabilities
5	Application	Novell	Iprint	4.30	*	*	*	Version Details Vulnerabilities
6	Application	Novell	Iprint	4.32	*	*	*	Version Details Vulnerabilities
7	Application	Novell	Iprint	4.34	*	*	*	Version Details Vulnerabilities
8	Application	Novell	Iprint	4.36	*	*	*	Version Details Vulnerabilities
9	Application	Novell	Iprint	4.38	*	*	*	Version Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor	Product	Vulnerable Versions
Novell	Iprint	9

- References For CVE-2008-2431

http://secunia.com/advisories/30667
SECUNIA 30667

http://secunia.com/secunia_research/2008-27/advisory/

http://www.securityfocus.com/bid/30813
BID 30813 Novell iPrint Client ActiveX Control Multiple Remote Vulnerabilities Release Date:2008-08-28

https://exchange.xforce.ibmcloud.com/vulnerabilities/44616
XF novell-iprint-getdriverfile-bo(44616)

- Metasploit Modules Related To CVE-2008-2431

There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)