Security Vulnerability - Novell iPrint LPD Remote Code Execution Vulnerability

Document ID:7007858
Creation Date:09-Feb-2011
Modified Date:26-Apr-2012
- Micro Focus Products:
  iPrint

Environment

Novell iPrint for Linux Open Enterprise Server Support Pack 2

Novell iPrint for Linux Open Enterprise Server Support Pack 3

Situation

This security vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Server. Authentication is not required to exploit this vulnerability.

Resolution

Apply the latest novell-iprint-server code from the channel. This issue is resolved in novell-iprint-server RPM dated January 4, 2011 or later.

Status

Security Alert

Additional Information

ZDI-CAN-1008: "Novell iPrint LPD Remote Code Execution Vulnerability." This vulnerability was discovered by Francis Provencher for Protek Research Lab, working with TippingPoint's Zero Day Iniative. CVE-2010-4328.

Type this command to determine the date of the installed novell-iprint-server RPM:

rpm -qa novell-iprint-server