Vulnerability Name:

CVE-2007-2954 (CCN-35824)

Assigned:2007-08-06
Published:2007-08-06
Updated:2017-07-29
Summary:Multiple stack-based buffer overflows in the Spooler service (nwspool.dll) in Novell Client 4.91 SP2 through SP4 for Windows allow remote attackers to execute arbitrary code via certain long arguments to the (1) RpcAddPrinterDriver, (2) RpcGetPrinterDriverDirectory, and other unspecified RPC requests, aka Novell bug 300870, a different vulnerability than CVE-2006-5854.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-119
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2007-2954

Source: CONFIRM
Type: Patch
http://download.novell.com/Download?buildid=VOXNZb-6t_g~

Source: OSVDB
Type: UNKNOWN
37321

Source: CCN
Type: SA26374
Novell Client NWSPOOL.DLL Buffer Overflow Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
26374

Source: CCN
Type: Secunia Research 29/08/2007
Novell Client NWSPOOL.DLL Buffer Overflow Vulnerabilities

Source: MISC
Type: Patch, Vendor Advisory
http://secunia.com/secunia_research/2007-57/advisory/

Source: CCN
Type: SECTRACK ID: 1018623
Novell Client NWSPOOL.DLL Stack Overflows Let Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: Patch
1018623

Source: CCN
Type: Novell Technical Information Document ID: 5005400
Novell Client 4.91 Post-SP4 NWSPOOL.DLL

Source: CCN
Type: OSVDB ID: 37319
Novell NetWare Client NWSPOOL.DLL RPC Functions Remote Overflow

Source: CCN
Type: OSVDB ID: 37321
Novell NetWare Client NWSPOOL.DLL RPC Printer Functions Remote Overflow

Source: BID
Type: Patch
25474

Source: CCN
Type: BID-25474
Novell Client NWSPOOL.DLL RPC Request Multiple Buffer Overflow Vulnerabilities

Source: VUPEN
Type: Vendor Advisory
ADV-2007-3006

Source: MISC
Type: UNKNOWN
http://www.zerodayinitiative.com/advisories/ZDI-07-045/

Source: XF
Type: UNKNOWN
novell-client-nwspool-bo(35824)

Source: XF
Type: UNKNOWN
novell-client-nwspool-bo(35824)

Source: CCN
Type: ZDI-07-045
Novell Client NWSPOOL.DLL Stack Overflow Vulnerability

Vulnerable Configuration:Configuration 1:
  • cpe:/a:novell:client:4.91:sp2:*:*:*:*:*:*
  • OR cpe:/a:novell:client:4.91:sp3:*:*:*:*:*:*
  • OR cpe:/a:novell:client:4.91:sp4:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:novell:netware_client:4.91:sp4:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    novell client 4.91 sp2
    novell client 4.91 sp3
    novell client 4.91 sp4
    novell netware client 4.91 sp4