Security Vulnerability - Novell iPrint Server attributes-natural-language Remote Code Execution Vulnerability

Document ID:7010084
Creation Date:31-Jan-2012
Modified Date:27-Apr-2012
- Micro Focus Products:
  iPrint
  Open Enterprise Server

Environment

Novell iPrint for Linux Open Enterprise Server Support Pack 3
Novell Open Enterprise Server 2 (OES 2) Linux Support Pack 3

Situation

Security Vulnerability - Novell iPrint Server attributes-natural-language Remote Code Execution Vulnerability. This is a simple buffer overflow issue.

Resolution

This security vulnerability is resolved in the post OES2 SP3 patch 7885, available here:

for x86_64:
https://download.novell.com/Download?buildid=yIR7hdR-ywY~

for x86:
https://download.novell.com/Download?buildid=sr-Gtey7LG0~

Status

Security Alert

Additional Information

ZDI-CAN-1354: Novell iPrint Server attributes-natural-language Remote Code Execution Vulnerability. This vulnerability was found by G. Geshev, working with TippingPoint's Zero Day Initiative. CVE-2011-4194