[Full-disclosure] Secunia Research: Novell iPrint Client ActiveX Control "GetFileList()" Information Disclosure

From: Secunia Research <remove-vuln_at_nospam>
Date: Mon Aug 25 2008 - 12:14:22 GMT
To: full-disclosure@lists.grok.org.uk

Secunia Research 25/08/2008 - Novell iPrint Client ActiveX Control - - "GetFileList()" Information Disclosure -
======================================================================
Table of Contents Affected Software....................................................1 Severity.............................................................2 Vendor's Description of Software.....................................3 Description of Vulnerability.........................................4 Solution.............................................................5 Time Table...........................................................6 Credits..............................................................7 References...........................................................8 About Secunia........................................................9 Verification........................................................10
======================================================================
1) Affected Software

Novell iPrint Client 4.36
Novell iPrint Client for Windows Vista 5.04

NOTE: Other versions may also be affected.

2) Severity

Rating: Less critical
Impact: Exposure of sensitive information Where: Remote

3) Vendor's Description of Software

"Neither you nor your users have time to devote to a complex printing environment. That's why Novell iPrint extends print services securely across multiple networks and operating systems. Using proven Internet technologies, iPrint transforms your Novell Distributed Print Services™ (NDPS®) printers into Net-enabled printers, making all your printing resources instantly accessible with a Web browser and a few mouse clicks".

Product Link:
http://www.novell.com/products/openenterpriseserver/iprint.html

4) Description of Vulnerability

Secunia Research has discovered a security issue in Novell iPrint Client, which can be exploited by malicious people to gain knowledge of potentially sensitive information.

The insecure "GetFileList()" method returns a list of images (".jpg", ".jpeg", ".gif", and ".bmp") in a directory specified as argument to the method. This can be exploited to gain knowledge of any image file names in arbitrary directories on a user's system, including e.g. the user's "My Pictures" / "Pictures" folder without knowledge of the user's username.

5) Solution

Update to version 5.06.

6) Time Table 20/06/2008 - Vendor notified. 23/06/2008 - Vendor response. 07/07/2008 - Vendor reports that vulnerability has been addressed. 08/07/2008 - Vendor provides new version for testing. 08/07/2008 - Vendor informed that vulnerability is not fixed. 10/07/2008 - Details on vulnerability forwarded. 21/07/2008 - Vendor reports that vulnerability was missed and that a new tracking number will be generated. 22/08/2008 - Vendor issues fixed version for Vista. 25/08/2008 - Public disclosure.

7) Credits

Discovered by Carsten Eiram, Secunia Research.

8) References

The Common Vulnerabilities and Exposures (CVE) project has assigned CVE-2008-2432 for the vulnerability.

9) About Secunia

Secunia offers vulnerability management solutions to corporate customers with verified and reliable vulnerability intelligence relevant to their specific system configuration:

http://corporate.secunia.com/

Secunia also provides a publicly accessible and comprehensive advisory database as a service to the security community and private individuals, who are interested in or concerned about IT-security.

http://secunia.com/

Secunia believes that it is important to support the community and to do active vulnerability research in order to aid improving the security and reliability of software in general:

http://corporate.secunia.com/secunia_research/33/

Secunia regularly hires new skilled team members. Check the URL below to see currently vacant positions:

http://secunia.com/secunia_vacancies/

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/secunia_security_advisories/

Verification

Please verify this advisory by visiting the Secunia website: http://secunia.com/secunia_research/2008-30/

Complete list of vulnerability reports published by Secunia Research: http://secunia.com/secunia_research/

--===============1409666706==
Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ --===============1409666706==--

This message: [ Message body ]
Next message: iViZ Security Advisories: "[Full-disclosure] [IVIZ-08-008] LILO Security Model bypass exploiting wrong BIOS API usage"
Previous message: Secunia Research: "[Full-disclosure] Secunia Research: Novell iPrint Client ActiveX Control Multiple Buffer Overflows"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]