CVE-2008-2431
CVSS V2 High 9.3
CVSS V3 None
Description
Multiple buffer overflows in Novell iPrint Client before 5.06 allow remote attackers to execute arbitrary code by calling the Novell iPrint ActiveX control (aka ienipp.ocx) with (1) a long third argument to the GetDriverFile method; a long first argument to the (2) GetPrinterURLList or (3) GetPrinterURLList2 method; (4) a long argument to the GetFileList method; a long argument to the (5) GetServerVersion, (6) GetResourceList, or (7) DeleteResource method, related to nipplib.dll; a long uploadPath argument to the (8) UploadPrinterDriver or (9) UploadResource method, related to URIs; (10) a long seventh argument to the UploadResource method; a long string in the (11) second, (12) third, or (13) fourth argument to the GetDriverSettings method, related to the IppGetDriverSettings function in nipplib.dll; or (14) a long eighth argument to the UploadResourceToRMS method.
Overview
- CVE ID
- CVE-2008-2431
- Assigner
- PSIRT-CNA@flexerasoftware.com
- Vulnerability Status
- Modified
- Published Version
- 2008-11-26T01:30:00
- Last Modified Date
- 2017-08-08T01:31:02
Weakness Enumerations
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End |
---|---|---|---|---|
cpe:2.3:a:novell:iprint:*:*:*:*:*:*:*:* | 1 | OR | 5.04 | |
cpe:2.3:a:novell:iprint:4.26:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:novell:iprint:4.27:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:novell:iprint:4.28:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:novell:iprint:4.30:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:novell:iprint:4.32:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:novell:iprint:4.34:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:novell:iprint:4.36:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:novell:iprint:4.38:*:*:*:*:*:*:* | 1 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:M/Au:N/C:C/I:C/A:C
- Access Vector
- NETWORK
- Access Compatibility
- MEDIUM
- Authentication
- NONE
- Confidentiality Impact
- COMPLETE
- Integrity Impact
- COMPLETE
- Availability Impact
- COMPLETE
- Base Score
- 9.3
- Severity
- HIGH
- Exploitability Score
- 8.6
- Impact Score
- 10
References
Reference URL | Reference Tags |
---|---|
http://secunia.com/secunia_research/2008-27/advisory/ | Vendor Advisory |
http://secunia.com/advisories/30667 | Vendor Advisory |
http://www.securityfocus.com/bid/30813 | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/44616 |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2008-2431 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2431 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2022-05-10 09:07:36 | Added to TrackCVE |