=====================================================================
                                   CERT-Renater

                        Information Note No. 2010/VULN321
_____________________________________________________________________

DATE                      : 16/08/2010

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Windows running Novell iPrint Client.

======================================================================
http://www.novell.com/support/viewContent.do?externalId=7006679
______________________________________________________________________

Security Vulnerability - Novell iPrint Client "call-back-url" Buffer Overflow

This document (7006679) is provided subject to the disclaimer at the end of
this document.

Environment

Novell iPrint Client for Windows

Situation

The vulnerability is caused by a boundary error in the iPrint Client's handling
of the "call-back-url" parameter value of an "op-client-interface-version"
operation whose "result-type" parameter is set to "url". An overly long
"call-back-url" value is copied into a fixed-size stack buffer without a length
check, causing a stack-based buffer overflow.

Successful exploitation allows execution of arbitrary code when a user visits
a malicious website.
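The following C is an added illustration of the bug class described above; it is not Novell's code (the advisory publishes no iPrint source, parser logic or buffer sizes). The handler, the 256-byte buffer, the "k=v&k=v" parameter format and the function names (parse_request, callback_unsafe, callback_safe, process_query, process_padded_url) are assumptions made for the example. It shows the unbounded copy of "call-back-url" into a stack buffer next to a hardened handler that validates the operation and result type, rejects an overlong value instead of copying it, and only then copies.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical sizes: the advisory does not state the real iPrint buffer size. */
#define CALLBACK_URL_MAX 256
#define QUERY_MAX        4096

/* Request fields after parsing; pointers reference the (mutated) query buffer. */
struct iprint_request {
    const char *op;
    const char *result_type;
    const char *call_back_url;
};

/* Minimal "k=v&k=v" splitter (illustrative, not the real iPrint parser).
 * Mutates buf: '&' and '=' become NULs so values can be used in place. */
static void parse_request(char *buf, struct iprint_request *req)
{
    memset(req, 0, sizeof *req);
    for (char *kv = buf; kv && *kv; ) {
        char *next = strchr(kv, '&');
        if (next)
            *next++ = '\0';
        char *eq = strchr(kv, '=');
        if (eq) {
            *eq = '\0';
            const char *val = eq + 1;
            if (strcmp(kv, "op") == 0)                 req->op = val;
            else if (strcmp(kv, "result-type") == 0)   req->result_type = val;
            else if (strcmp(kv, "call-back-url") == 0) req->call_back_url = val;
        }
        kv = next;
    }
}

/* VULNERABLE PATTERN (illustrative): the attacker-controlled value is copied
 * into a fixed stack buffer with no length check, so an overlong call-back-url
 * runs past `callback` into the saved frame and return address. This is the
 * boundary-error class the advisory describes; never feed it untrusted input. */
static void callback_unsafe(const struct iprint_request *req)
{
    char callback[CALLBACK_URL_MAX];
    strcpy(callback, req->call_back_url);       /* unbounded copy */
    printf("unsafe: would call back to %s\n", callback);
}

/* HARDENED: validate op and result-type, check the length before copying, and
 * refuse oversized values instead of truncating. Returns 1 if a callback would
 * be issued, 0 if the request does not use call-back-url, negative on rejection. */
int callback_safe(const struct iprint_request *req)
{
    char callback[CALLBACK_URL_MAX];

    if (!req->op || strcmp(req->op, "op-client-interface-version") != 0)
        return -1;                              /* not the affected operation */
    if (!req->result_type || strcmp(req->result_type, "url") != 0)
        return 0;                               /* only result-type=url uses the callback */
    if (!req->call_back_url)
        return -2;
    if (memchr(req->call_back_url, '\0', sizeof callback) == NULL)
        return -3;                              /* no NUL within the buffer size: too long */
    if (strncmp(req->call_back_url, "http://", 7) != 0 &&
        strncmp(req->call_back_url, "https://", 8) != 0)
        return -4;                              /* scheme allow-list (an added assumption) */
    strcpy(callback, req->call_back_url);       /* length already proven to fit */
    printf("safe: call back to %s\n", callback);
    return 1;
}

/* Copy the query (so the caller's string stays intact), parse it, and run the
 * hardened handler. Returns callback_safe's code, or -5 if the query is oversized. */
int process_query(const char *query)
{
    char buf[QUERY_MAX];
    struct iprint_request req;

    if (memchr(query, '\0', sizeof buf) == NULL)
        return -5;
    strcpy(buf, query);
    parse_request(buf, &req);
    return callback_safe(&req);
}

/* Build a request whose call-back-url is "http://" followed by pad_len 'A's
 * (constructed input mimicking the advisory's "overly long" value) and process it. */
int process_padded_url(size_t pad_len)
{
    char query[QUERY_MAX];
    int n = snprintf(query, sizeof query,
                     "op=op-client-interface-version&result-type=url&call-back-url=http://");
    if (pad_len > sizeof query - (size_t)n - 1)
        pad_len = sizeof query - (size_t)n - 1;
    memset(query + n, 'A', pad_len);
    query[n + pad_len] = '\0';
    return process_query(query);
}

int main(void)
{
    struct iprint_request ok = { "op-client-interface-version", "url", "http://printer.example/cb" };
    callback_unsafe(&ok);                       /* short constructed value: fits */
    printf("short url -> %d\n", process_padded_url(16));    /* 1 */
    printf("long url  -> %d\n", process_padded_url(1024));  /* -3 */
    return 0;
}
```

The point of the hardened handler is that the length check happens on the untrusted value before any copy, and an oversized value is refused rather than silently truncated (truncation can turn a URL into a different URL). For an affected deployment the remedy is still the vendor fix named below; this example only illustrates the defect class the advisory describes.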

Resolution

The fix is included in "iPrint Client for Windows XP/Vista/Win7 5.44".

Status

Security Alert

Additional Information

Secunia advisory SA40805; CVE identifier CVE-2010-1527.
Discovered by Carsten Eiram, Secunia Research.

Document
Document ID:	7006679
Creation Date:	08-19-2010
Modified Date:	08-19-2010
Novell Product:	iPrint
Disclaimer

The origin of this information may be internal or external to Novell. Novell
makes all reasonable efforts to verify this information. However, the
information provided in this document is for your information only. Novell
makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their
respective owners. Consult your product manuals for complete trademark
information.


======================================================================

          =========================================================
          CERT-Renater reference servers
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================


