Security
Novell's iPrint open to attack, say researchers
Attackers can exploit bugs in Novell's iPrint application to obtain corporate information or hijack computers, security experts said today.
Related links
No results were found for your search.
Your query is too restrictive.
You might want to try: security
Story tools
Sponsored by:
E-Mail article
|
|
Print article
|
|
Contact author
|
|
AIM article
|
del.icio.us |
Reddit
|
Digg
|
Stumble
|
Slashdot It!
|
Novell has issued a patch that plugs multiple holes in the ActiveX control that Novell ships as part of its iPrint product, but according to Danish bug tracker Secunia, one of the flaws remains unfixed.
Secunia, which reported the bugs to Novell, counted at least eight vulnerabilities in the ActiveX control included with the Windows Vista version of the iPrint client, as well as several other flaws in another Windows Vista iPrint component.
iPrint is Novell's implementation of the Internet Printing Protocol (IPP), and lets users use, install and manage printers through the browser. The Vista version of the application ships with Novell's Open Enterprise Server 2 and NetWare 6.5 Support Pack 7.
Novell posted an update to iPrint last week that patches all but one of the vulnerabilities, said Secunia in an alert it published today. The update takes iPrint to version 5.06. A fix for the older 4.x edition of iPrint, however, is not yet available.
For its part, Novell's accompanying advisory only specified one of the many vulnerabilities listed by Secunia, and lumped the rest under a heading of "Security fixes: Multiple Buffer Overflow Security Vulnerabilities."
This is not the first time that Novell has had to quash bugs in iPrint's ActiveX control. Just two months ago, a researcher at the U.S. Computer Emergency Readiness Team (US-CERT) uncovered several vulnerabilities in the control packaged with iPrint for Windows 2000 and Windows XP. Novell patched those bugs with the iPrint 4.36 update in June.
ActiveX vulnerabilities are commonplace. Earlier this year, in fact, Symantec reported that the Microsoft technology accounted for 79% of all browser plug-in bugs in the second half of 2007.
| Use this form to start a public discussion with other Linux World users on this article. Log In | Register for an account (Why you should) |
Note: Register to have your user name appear; otherwise your comment will show up as "Anonymous."
*Anonymous comments will only appear once they are approved by the moderator.
• Dell puts Linux and Atom in Vostro PCs
• Mozilla names best Firefox 3 add-ons
• Torvalds: Fed up with the 'security circus'
• Dell Latitude ON - big win for Linux
• Open source advocates hail appeals court ruling
LinuxWorld Conference and Expo San Francisco, August 4-7, 2008.
Linux Plumbers Conference Portland, OR, Sept. 16-19, 2008.
FreedomHEC Santa Monica, November 8-9, 2008.