{"vuid":"VU#653076","idnumber":"653076","name":"Novell NetWare Client for Windows EnumPrinters() function vulnerable to buffer overflow","keywords":["Novell Client","buffer overflow","Spooler service","EnumPrinters() function","NWSPOOL.DLL","netware"],"overview":"A vulnerability exists in the Novell NetWare client that could allow a remote attacker to execute arbitrary code on an affected system.","clean_desc":"NetWare is a network operating system produced and maintained by Novell. Novell provides NetWare clients for Microsoft Windows and Linux operating systems. From the Novell Client for Windows XP/2000 product overview: It enables you to access NetWare® services from Windows XP or 2000 workstations or servers and tightly integrates either product into your NetWare network. For example, with Novell Client for Windows XP/2000, you can browse through authorized NetWare directories, transfer files, print documents and use advanced NetWare services directly from a Windows XP or 2000 workstation. The nwspool.dll library is included with the Novell Client for Windows, and provides access to remote printing services. There is a  buffer overflow vulnerability in the EnumPrinters() function which is used in the nwspool.dll library. An attacker may be able to trigger the overflow by sending specially-crafted Remote Procedure Call (RPC) requests to the Spooler service on a vulnerable system.","impact":"A remote unauthenticated attacker may be able to execute arbitrary code on a vulnerable system.","resolution":"Upgrade\nNovell has issued a beta upgrade that addresses this issue. See Novell Technical Information Document TID2974765 for more details.","workarounds":"","sysaffected":"","thanks":"The \nZero Day Initiative\n disclosed this vulnerability.","author":"This document was written by Ryan Giobbi.","public":["http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974765.htm","http://secunia.com/advisories/23027/","https://secure-support.novell.com/KanisaPlatform/Publishing/583/3125538_f.SAL_Public.html","http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974765.htm"],"cveids":["CVE-2006-6114"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-12-18T21:55:01Z","publicdate":"2006-11-21T00:00:00Z","datefirstpublished":"2006-12-19T21:29:41Z","dateupdated":"2006-12-20T00:27:04Z","revision":29,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"4","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"10","cam_population":"4","cam_impact":"16","cam_easeofexploitation":"13","cam_attackeraccessrequired":"17","cam_scorecurrent":"6.63","cam_scorecurrentwidelyknown":"7.956","cam_scorecurrentwidelyknownexploited":"13.26","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":6.63,"vulnote":null}