=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2011/VULN117
_____________________________________________________________________

DATE                      : 14/02/2011

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Linux running Novell iPrint for Linux Open Enterprise Server.

======================================================================
http://www.novell.com/support/viewContent.do?externalId=7007858
______________________________________________________________________

Security Vulnerability - Novell iPrint LPD Remote Code Execution
Vulnerability

This document (7007858) is provided subject to the disclaimer at the
end of this document.

Environment
Novell iPrint for Linux Open Enterprise Server Support Pack 2
Novell iPrint for Linux Open Enterprise Server Support Pack 3


Situation

This security vulnerability allows remote attackers to execute arbitrary
code on vulnerable installations of Novell iPrint Server. Authentication
is not required to exploit this vulnerability.

Resolution
The fix for this security vulnerability is included in the released "Novell
Open Enterprise Server 2 iPrint Server Security Patch" patch, available at
http://download.novell.com/Download?buildid=KloKR_CmrBs~


Status
Security Alert


Additional Information
ZDI-CAN-1008: "Novell iPrint LPD Remote Code Execution Vulnerability."
This vulnerability was discovered by Francis Provencher for Protek Research Lab,
working with TippingPoint's Zero Day Iniative. CVE-2010-4328.


Document
Document ID:	7007858
Creation Date:	02-09-2011
Modified Date:	02-09-2011
Novell Product:	iPrint
Disclaimer

The Origin of this information may be internal or external to Novell.
Novell makes all reasonable efforts to verify this information.
However, the information provided in this document is for your
information only. Novell makes no explicit or implied claims to
the validity of this information.

Any trademarks referenced in this document are the property of their
respective owners. Consult your product manuals for complete trademark
information.

======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================