Novell iPrint客户端ActiveX控件栈溢出漏洞
信息来源:Will Dormann 发表日期:2013-11-15 11:42:00
Novell iPrint打印解决方案允许用户向网络打印机发送文档。
Novell iPrint 4.34版本客户端ActiveX控件处理某些参数值("operation", "printer-url", "target-frame")时存在边界错误,远程攻击者通过超长的字符串值,可能利用此漏洞执行任意代码。
BUGTRAQ-ID:29736
CVE-ID:2008-2908
受影响系统:
Novell iPrint Client for Windows 4.32
Novell iPrint Client for Windows 4.26
未受影响系统:
Novell iPrint Client for Windows 4.34
解决办法:安装厂商补丁
厂商补丁:
Novell
------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://download.novell.com/Download?buildid=prBBH4JpImA~
参考:
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5028061.html
http://download.novell.com/Download?buildid=cbAVckbi_AM~
http://www.novell.com/products/netware/printing/quicklook.html
参考信息:
http://secunia.com/advisories/27994/
http://secunia.com/advisories/30709
http://www.kb.cert.org/vuls/id/145313