CVE-2007-2954

Name of the Vulnerable Software and Affected Versions Novell Client versions 4.91 SP2 through 4.91 SP4

Description The issue is related to multiple stack-based buffer overflows in the Spooler service. These overflows can be triggered by remote attackers sending certain long arguments to various RPC requests, including the RpcAddPrinterDriver and RpcGetPrinterDriverDirectory functions. This allows attackers to execute arbitrary code.

Recommendations For Novell Client versions 4.91 SP2 through 4.91 SP4, consider disabling the vulnerable RPC requests, such as RpcAddPrinterDriver and RpcGetPrinterDriverDirectory, until a patch is available. Restrict access to the Spooler service to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.