cbcvebase.
CVE-2010-4328
published 2011-02-19

CVE-2010-4328: Multiple stack-based buffer overflows in opt/novell/iprint/bin/ipsmd in Novell iPrint for Linux Open Enterprise Server 2 SP2 and SP3 allow remote attackers to…

PriorityP259high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
15.20%
96.3th percentile
Multiple stack-based buffer overflows in opt/novell/iprint/bin/ipsmd in Novell iPrint for Linux Open Enterprise Server 2 SP2 and SP3 allow remote attackers to execute arbitrary code via unspecified LPR opcodes.

Affected

1 ranges
VendorProductVersion rangeFixed in
novelliprint_open_enterprise_server

Detection & IOCsextracted from sources · hover to see the quote

port515
pathopt/novell/iprint/bin/ipsmd
bytes
\x01\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x44\x43\x42\x41\x0a
  • Exploit targets TCP port 515 (LPD/LPR service) on Novell iPrint for Linux. Monitor for oversized or malformed LPR opcode payloads (>120 bytes starting with \x01) sent to this port, which are indicative of stack-based buffer overflow attempts against ipsmd.
  • The exploit payload begins with LPR opcode byte \x01 followed by a large run of \x41 ('A') padding bytes and terminates with \x44\x43\x42\x41\x0a — look for TCP payloads to port 515 containing this pattern as a buffer overflow canary/return-address overwrite signature.
  • The vulnerable process is ipsmd located at opt/novell/iprint/bin/ipsmd. Monitor for unexpected crashes, restarts, or child process spawning from this binary, which may indicate successful or attempted exploitation.
  • ·The target IP in the exploit (10.102.3.79) is a private lab/test address hardcoded in the PoC and is NOT a threat-actor infrastructure indicator — do not use it as a network-level block.
  • ·The vulnerability affects Novell iPrint for Linux Open Enterprise Server 2 SP2 and SP3 specifically; the LPD service (port 515) must be externally reachable for remote exploitation to succeed.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.