|Main Archive Page > Month Archives > full-disclosure-uk archives|
NOTE: Other versions may also be affected.
Rating: Less critical
Impact: Exposure of sensitive information Where: Remote
"Neither you nor your users have time to devote to a complex printing environment. That's why Novell iPrint extends print services securely across multiple networks and operating systems. Using proven Internet technologies, iPrint transforms your Novell Distributed Print Services™ (NDPS®) printers into Net-enabled printers, making all your printing resources instantly accessible with a Web browser and a few mouse clicks".
Secunia Research has discovered a security issue in Novell iPrint Client, which can be exploited by malicious people to gain knowledge of potentially sensitive information.
The insecure "GetFileList()" method returns a list of images (".jpg", ".jpeg", ".gif", and ".bmp") in a directory specified as argument to the method. This can be exploited to gain knowledge of any image file names in arbitrary directories on a user's system, including e.g. the user's "My Pictures" / "Pictures" folder without knowledge of the user's username.
Update to version 5.06.
Discovered by Carsten Eiram, Secunia Research.
The Common Vulnerabilities and Exposures (CVE) project has assigned CVE-2008-2432 for the vulnerability.
Secunia offers vulnerability management solutions to corporate customers with verified and reliable vulnerability intelligence relevant to their specific system configuration:
Secunia also provides a publicly accessible and comprehensive advisory database as a service to the security community and private individuals, who are interested in or concerned about IT-security.
Secunia believes that it is important to support the community and to do active vulnerability research in order to aid improving the security and reliability of software in general:
Secunia regularly hires new skilled team members. Check the URL below to see currently vacant positions:
Secunia offers a FREE mailing list called Secunia Security Advisories:
Please verify this advisory by visiting the Secunia website: http://secunia.com/secunia_research/2008-30/
Complete list of vulnerability reports published by Secunia Research: http://secunia.com/secunia_research/
Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0