=====================================================================
                            CERT-Renater

                 Information Note No. 2006/VULN580
_____________________________________________________________________

DATE                 : 21/12/2006

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Windows XP/2000 running Novell NetWare Client.

=====================================================================

Vulnerability Note VU#300636

Novell NetWare Client for Windows OpenPrinter() function vulnerable to
buffer overflow

Overview

A vulnerability exists in the Novell NetWare client that could allow a
remote attacker to execute arbitrary code on an affected system.

I. Description

NetWare is a network operating system produced and maintained by Novell.
Novell provides NetWare clients for Microsoft Windows and Linux operating
systems. From the Novell Client for Windows XP/2000 product overview:

    It enables you to access NetWare® services from Windows XP or 2000
    workstations or servers and tightly integrates either product into
    your NetWare network. For example, with Novell Client for Windows
    XP/2000, you can browse through authorized NetWare directories,
    transfer files, print documents and use advanced NetWare services
    directly from a Windows XP or 2000 workstation.

The nwspool.dll library is included with the Novell Client for Windows,
and provides access to remote printing services. There is a buffer
overflow vulnerability in the OpenPrinter() function which is used in the
nwspool.dll library. An attacker may be able to trigger the overflow by
sending specially-crafted Remote Procedure Call (RPC) requests to the
Spooler service on a vulnerable system.

II. Impact

A remote unauthenticated attacker may be able to execute arbitrary code
on a vulnerable system.

III. Solution

Upgrade

Novell has issued a beta upgrade that addresses this issue. See Novell
Technical Information Document TID2974765 for more details.

Systems Affected

    Vendor          Status        Date Updated
    Novell, Inc.    Vulnerable    19-Dec-2006

References

    http://www.zerodayinitiative.com/advisories/ZDI-06-043.html
    http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974765.htm
    http://secunia.com/advisories/23027/
    https://secure-support.novell.com/KanisaPlatform/Publishing/583/3125538_f.SAL_Public.html

Credit

The Zero Day Initiative disclosed this vulnerability.

This document was written by Ryan Giobbi.

Other Information

    Date Public             11/21/2006
    Date First Published    12/19/2006 04:29:21 PM
    Date Last Updated       12/19/2006
    CERT Advisory
    CVE Name                CVE-2006-5854
    Metric                  3.21
    Document Revision       9

[***** End US-CERT Vulnerability Note VU#300636 *****]

=====================================================================

=========================================================
CERT-Renater reference servers
    http://www.urec.fr/securite
    http://www.cru.fr/securite
    http://www.renater.fr
=========================================================
+ CERT-RENATER         | tel  : 01-53-94-20-44          +
+ 151 bd de l'Hopital  | fax  : 01-53-94-20-41          +
+ 75013 Paris          | email: certsvp@renater.fr      +
=========================================================