CVE-2010-3107

A certain ActiveX control in ienipp.ocx in the browser plugin in Novell iPrint Client before 5.42 does not properly restrict the set of files to be deleted, which allows remote attackers to cause a denial of service (recursive file deletion) via unspecified vectors related to a "logic flaw" in the CleanUploadFiles method in the nipplib.dll module.

CVSS v2.0 7.1 HIGH

7.1^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:C

Exploitability : 8.6 / Impact : 6.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://download.novell.com/Download?buildid=ftwZBxEFjIg~	Patch
http://dvlabs.tippingpoint.com/advisory/TPTI-10-05	Patch
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12074

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:novell:iprint::::::::
	cpe:2.3:a:novell:iprint:4.26:::::::*
	cpe:2.3:a:novell:iprint:4.27:::::::*
	cpe:2.3:a:novell:iprint:4.28:::::::*
	cpe:2.3:a:novell:iprint:4.30:::::::*
	cpe:2.3:a:novell:iprint:4.32:::::::*
	cpe:2.3:a:novell:iprint:4.34:::::::*
	cpe:2.3:a:novell:iprint:4.36:::::::*
	cpe:2.3:a:novell:iprint:4.38:::::::*
	cpe:2.3:a:novell:iprint:5.04:::::::*
	cpe:2.3:a:novell:iprint:5.12:::::::*
	cpe:2.3:a:novell:iprint:5.20b:::::::*
	cpe:2.3:a:novell:iprint:5.30:::::::*
	cpe:2.3:a:novell:iprint:5.32:::::::*

History

No history.

Information

Published : 2010-08-23 22:00

Updated : 2024-02-04 17:54

NVD link : CVE-2010-3107

Mitre link : CVE-2010-3107

CVE.ORG link : CVE-2010-3107

JSON object : View

Products Affected

novell

iprint

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2010-3107", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2010-08-23T22:00:03.440", "references": [{"url": "http://download.novell.com/Download?buildid=ftwZBxEFjIg~", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-05", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12074", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "A certain ActiveX control in ienipp.ocx in the browser plugin in Novell iPrint Client before 5.42 does not properly restrict the set of files to be deleted, which allows remote attackers to cause a denial of service (recursive file deletion) via unspecified vectors related to a \"logic flaw\" in the CleanUploadFiles method in the nipplib.dll module."}, {"lang": "es", "value": "Un control ActiveX en ienipp.ocx en el plugin para el navegador del cliente de Novell iPrint antes de v5.42 no limita apropiadamente el conjunto de archivos que desea eliminar, lo que permite provocar a atacantes remotos una denegaci\u00f3n de servicio (mediante eliminaci\u00f3n de archivos de forma recursiva) a trav\u00e9s de vectores no especificados relacionados con \"fallo l\u00f3gico\" en el m\u00e9todo CleanUploadFiles en el m\u00f3dulo nipplib.dll."}], "lastModified": "2017-09-19T01:31:12.300", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:novell:iprint:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "583C6EB4-A372-4B15-8B3A-09A0D778ECA3", "versionEndIncluding": "5.40"}, {"criteria": "cpe:2.3:a:novell:iprint:4.26:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3332CB43-D2ED-4720-8ED4-AE222C6F7FF3"}, {"criteria": "cpe:2.3:a:novell:iprint:4.27:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9AD9057-2218-481E-96CB-BF568AD3A9F2"}, {"criteria": "cpe:2.3:a:novell:iprint:4.28:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D044326-00CB-4158-A652-7D7FBDB380C7"}, {"criteria": "cpe:2.3:a:novell:iprint:4.30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3BDA0CD3-3E49-42E9-8D41-2B93FEE53610"}, {"criteria": "cpe:2.3:a:novell:iprint:4.32:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AAB01661-76E1-4181-A798-6325EFD681FE"}, {"criteria": "cpe:2.3:a:novell:iprint:4.34:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16769BC0-66AE-4AA3-B504-03389717A56D"}, {"criteria": "cpe:2.3:a:novell:iprint:4.36:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25B2994C-8E01-4E7B-A5CA-9F9BE4C634C7"}, {"criteria": "cpe:2.3:a:novell:iprint:4.38:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CCCA90D8-A320-43B0-A667-DAFC0D00924F"}, {"criteria": "cpe:2.3:a:novell:iprint:5.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F12CAA5-6C37-4FBA-BA41-03C7F81AE6BE"}, {"criteria": "cpe:2.3:a:novell:iprint:5.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CCA3CFFD-8D4B-4BEC-934A-7E5D18F87807"}, {"criteria": "cpe:2.3:a:novell:iprint:5.20b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2A31E77-BFE6-4F54-9839-8323F8E4995E"}, {"criteria": "cpe:2.3:a:novell:iprint:5.30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E8EC466-1CA2-4D8E-8D3F-F1246DC1850B"}, {"criteria": "cpe:2.3:a:novell:iprint:5.32:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27533465-909A-4300-A713-36924FB330CA"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}