Description: Ryan Smith and Alex Wheeler have reported a vulnerability in Novell Distributed Print Service (DPS), which potentially can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to an integer overflow error within the variable-length array decoding code in the RPC-based protocol library. This can be exploited to cause a heap-based buffer overflow and may allow arbitrary code execution.
The vulnerability has been reported in the following products:
* Novell Distributed Print Services (NDPS).
* Novell Novell Open Enterprise Server (NetWare based)
* Novell Client versions 4.83 SP3, 4.90 SP2, and 4.91 SP2 for Windows 2000/XP/2003.
Solution: Update to the fixed versions.
Novell NDPS/ Open Enterprise Server:
The vulnerability has been fixed in DPRPCNLM.NLM version 3.00.16 dated 2006-05-02 or later, available in patch dprpc_security.exe released on 2006-05-22.
Novell Client:
The vulnerability has been fixed in Post-SP2 DPRPCW32.DLL dated 2006-05-08 or later, available in patch 491psp2_dprpcw32.exe released on 2006-05-22.
Provided and/or discovered by: Ryan Smith and Alex Wheeler.
Changelog: 2006-05-15: Added CVE reference.
2006-05-16: Updated advisory with additional affected products. Updated "Description" section.
2006-05-16: Added CVE reference.
2006-05-23: Updated "Solution" section.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
