About usContact usRSSNewslettersBlogsVideo

Register | Login

Advertisement
  • Networking
  • Storage
  • Security
  • Mobility and Wireless
  • Applications
  • OS and Servers
  • Mid-sized Business
  • Green IT
  • IBM Infoclipz

News 

News

26 August 2008

Novell's iPrint vulnerable to attack

By Gregg Keizer, Computerworld (US)

Attackers can exploit bugs in Novell's iPrint application to obtain corporate information or hijack computers, security experts have warned.

Advertisement

Novell has issued a patch that plugs multiple holes in the ActiveX control that Novell ships as part of its iPrint product, but according to Danish bug tracker Secunia, one of the flaws remains unfixed.

Secunia, which reported the bugs to Novell, counted at least eight vulnerabilities in the ActiveX control included with the Windows Vista version of the iPrint client, as well as several other flaws in another Windows Vista iPrint component.

iPrint is Novell's implementation of the Internet Printing Protocol (IPP), and lets users use, install and manage printers through the browser. The Vista version of the application ships with Novell's Open Enterprise Server 2 and NetWare 6.5 Support Pack 7.

Novell posted an update to iPrint last week that patches all but one of the vulnerabilities, said Secunia in an alert it published on Monday. The update takes iPrint to version 5.06. A fix for the older 4.x edition of iPrint, however, is not yet available.

Advertisement

For its part, Novell's accompanying advisory only specified one of the many vulnerabilities listed by Secunia, and lumped the rest under a heading of "Security fixes: Multiple Buffer Overflow Security Vulnerabilities."

This is not the first time that Novell has had to quash bugs in iPrint's ActiveX control. Just two months ago, a researcher at the US Computer Emergency Readiness Team (US-CERT) uncovered several vulnerabilities in the control packaged with iPrint for Windows 2000 and Windows XP. Novell patched those bugs with the iPrint 4.36 update in June.

ActiveX vulnerabilities are commonplace. Earlier this year, in fact, Symantec reported that the Microsoft technology accounted for 79 percent of all browser plug-in bugs in the second half of 2007.

<<newer article | back to index | older article>>

close

Email this article to a friend or colleague:




PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

close
  • This article is now being printed.
close

What are your views on this subject? Use the form below to post a comment on this article up to 1000 characters.


Characters remaining:

close

Click below to add 'Novell's iPrint vulnerable to attack' to your blog.



If you do not have a ComputerworldUK Account and would like to use this feature, please Register.

If you are a registered, logged-in user, this will post the title and first paragraph of this story to your blog to share with your readers.

What is this?
Advertisement
Advertisement

WHITE PAPERS

  • BPM, SOA and Web 2.0: Business transformation or train wreck?
    Organisations must not only promote change from within, but they must also be agile enough to quickly adapt to evolving markets, policies, regulations, and business models. Fortunately, the convergence of a trio of technologies and business practices—business process management (BPM), service-oriented architecture (SOA), and Web 2.0—is providing a solution.
  • The Social Enterprise: Using Social Enterprise Applications to Enable the Next Wave of Knowledge Worker Productivity
    On the face of it, social software seems an unlikely example of enterprise collaboration. Aren’t social networks a fad? What does sharing photos or connecting with college buddies have to do with getting work done?
  • Unified Threat Management
    This white paper looks at the emergence and inadequacies of unified threat management (UTM) products, and introduces a new solution from Check Point.
  • Delivering an Effective Backup and Recovery Service
    Rapid data growth and the need for greater data availability place a demand on organisations to provide an effective backup and recovery service. Yet businesses have often been satisfied with just minimal provision. It is only when a disaster arrives that it becomes clear how inadequate this approach is. This white paper helps organisations make the right decisions about how best to prevent data loss and potentially catastrophic IT failure.
  • Oracle Universal Content Management
    The key features and benefits to an enterprise of Oracle's Universal Content Management solution. Easily manage content through the whole lifecycle, streamline business processes and improve customer service and relationships.

Techworld topic pages