NDPS client remote integer overflow vulnerability

  • 3001076
  • 02-Jun-2006
  • 27-Apr-2012

Environment


Novell Client for Windows 2000/XP/2003 4.91 Support Pack 2
Novell Client for Windows 2000/XP/2003 4.91 Support Pack 1
Novell Client for Windows 2000/XP/2003 4.91

Situation

Remote integer overflow is possible.

Resolution

This problem is fixed with an updated DPRPCW32.DLL dated 8May2006 or later.  Search Novell's File Finder for this file.

Question / Answer:
How long has this vulnerability existed?
This vulnerability has always existed with the NDPS Component that can install as an optional package with the Novell Client for Windows.

Which workstations need to apply this update?
Workstations that have the Novell Client for Windows installed with the Novell Distributed Print Services component should appply this update.   The NDPS Component can be installed when doing a custom installation.  The typical installation will not install this component.

How serious is the vulnerability?
Novell recommends that workstation that has the NDPS Component installed apply this update.   Also of interest, there have been no reports of this vulnerability being exploited.

What are the risks of applying this update?
The changes made to resolve the vulnerability are very minor.  The risk that the change made will have a negative impact on the client's performance is very low.

What are the risks of not applying this update?
Someone could write an executable to overflow the workstation's buffer.  There have been no reports of this ever happening, but it is possible.

Status

Security Alert

Additional Information

This vulnerability was discovered by Ryan Smith and Alex Wheeler associated with http://www.hustlelabs.com.

More detailed information regarding this advisory can be found at http://hustlelabs.com/novell_ndps_advisory.pdf.