Novell Client 4.91 SP4 nwspool.dll buffer overflow

Added: 08/10/2007
CVE: CVE-2007-6701
BID: 25092
OSVDB: 37319

Background

Novell Client software provides NetWare connectivity to Windows platforms.

Problem

The nwspool.dll library in Novell Client is affected by buffer overflow vulnerabilities in several different functions, allowing remote attackers to execute arbitrary commands by sending a specially crafted RPC request to the Spooler service.

Resolution

Install the Novell Client 4.91 Post-SP4 nwspool.dll.

References

http://www.zerodayinitiative.com/advisories/ZDI-07-045.html

Limitations

The exploit works on Novell Client for Windows 4.91 SP4.

For Windows Server 2003 targets, a shared printer must be configured before running the exploit, and valid user credentials with Administrator privileges must be provided.

The Crypt::DES, Digest::MD4, and Digest::MD5 packages are required for performing Windows authentication, which is a requirement for successful exploitation on Windows Server 2003. These packages are available from http://cpan.org/modules/by-module/.

Platforms

Windows
