Environment
Novell Distributed Print Services (NDPS).
Novell Open Enterprise Server (NetWare based)
Situation
Remote integer overflow is possible.
Resolution
The fix for this vulnerability is in DPRPCNLM.NLM version 3.00.16, dated 05-02-2006, or newer.
Question / Answer:
How long has this vulnerability existed?
This vulnerability has always existed with NDPS and iPrint.
How serious is the vulnerability?
Novell recommends that every server that has NDPS, iPrint, or iManager that manages an iPrint server apply this update. Also of interest, there have been no reports of this vulnerability being exploited.
What are the risks of applying this update?
The changes made to resolve the vulnerability are very minor. The risk that the change made will have a negative impact on the server's performance is very low.
What are the risks of not applying this update?
Someone could write an executable to overflow the server's buffer. There have been no reports of this ever happening, but it is possible.
Status
Reported to Engineering
Security Alert
Additional Information
The vulnerability was discovered by Ryan Smith and Alex Wheeler, associated with http://www.hustlelabs.com.
More detailed information regarding this advisory can be found at http://www.hustlelabs.com/novell_ndps_advisory.pdf.