Novell Client 4.91 SP4 nwspool.dll buffer overflow
Added: 08/10/2007CVE: CVE-2007-6701
BID: 25092
OSVDB: 37319
Background
Novell Client software provides NetWare connectivity to Windows platforms.Problem
The nwspool.dll library in Novell Client is affected by buffer overflow vulnerabilities in several different functions, allowing remote attackers to execute arbitrary commands by sending a specially crafted RPC request to the Spooler service.Resolution
Install the Novell Client 4.91 Post-SP4 nwspool.dll.References
http://www.zerodayinitiative.com/advisories/ZDI-07-045.htmlLimitations
Exploit works on Novell Client for Windows 4.91 SP4.For Windows Server 2003 targets, a shared printer must be configured before running the exploit, and valid user credentials with Administrator privileges must be provided.
The Crypt::DES, Digest::MD4, and Digest::MD5 packages are required for performing Windows authentication, which is a requirement for successful exploitation on Windows Server 2003. These packages are available from http://cpan.org/modules/by-module/.
Platforms
WindowsBack to exploit index