Check Point Advisories

Novell Distributed Print Services Integer Overflow (CVE-2006-2327)

Check Point Reference: CPAI-2006-196
Date Published: 30 May 2010
Severity: Critical
Last Updated: Sunday 30 May, 2010
Source:
Industry Reference:CVE-2006-2327
Protection Provided by:

Security Gateway
R81, R80, R77, R75
Who is Vulnerable?
Vulnerability Description The Novell Netware operating system as well as various other Novell products contain numerous components which serve to provide various capabilities and services. One such component is the Novell Distributed Printing Services (NDPS) component which provides extended printing facilities that enables clients to control a printer device in a more effective way. This is implemented through the NDPS protocol, which, in addition, may be used to distribute printer resources among client hosts as needed. There exists an integer overflow vulnerability in Novell Distributed Print Services module in multiple Novell products. The vulnerability is caused due to lack of proper boundary checks prior to the calculation of the size of a memory buffer. An unauthenticated attacker may exploit this vulnerability to inject and execute arbitrary code in the context of the vulnerable application, Super User in the Netware systems. Successful exploitation of this vulnerability may allow the flow of the process to be diverted to an arbitrary location. In such a case, the behavior of the target host will be completely dependent on the intention of the injected code. In case of an unsuccessful attack, the Novell Distributed Print Services will terminate, causing a denial of service condition. To restore the functionality, the application or service must be restarted manually.

Protection Overview

This protection will detect and block attempts to exploit this vulnerability.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75

  1. In the IPS tab, click Protections and find the Novell Distributed Print Services Integer Overflow protection using the Search tool and Edit the protection's settings.
  2. Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name:  Application Servers Protection Violation.
Attack Information:  Novell Distributed Print Services integer overflow

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK