Novell Netmail IMAP APPEND Buffer Overflow Vulnerability
BID:21723
Info
Novell Netmail IMAP APPEND Buffer Overflow Vulnerability
| Bugtraq ID: | 21723 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2006-6425 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 22 2006 12:00AM |
| Updated: | Feb 01 2008 05:07PM |
| Credit: | Discovery is credited to an anonymous researcher. |
| Vulnerable: |
Novell NetMail 3.52 D Novell NetMail 3.52 C1 Novell NetMail 3.52 C Novell NetMail 3.52 B Novell NetMail 3.52 A Novell NetMail 3.52 |
| Not Vulnerable: | |
Discussion
Novell Netmail IMAP APPEND Buffer Overflow Vulnerability
Novell Netmail is prone to a remotely exploitable buffer-overflow vulnerability because it fails to do proper bounds checking on a client-supplied IMAP APPEND parameter.
A successful exploit could let an authenticated remote attacker execute arbitrary code in the context of the affected program.
Novell Netmail is prone to a remotely exploitable buffer-overflow vulnerability because it fails to do proper bounds checking on a client-supplied IMAP APPEND parameter.
A successful exploit could let an authenticated remote attacker execute arbitrary code in the context of the affected program.
Exploit / POC
Novell Netmail IMAP APPEND Buffer Overflow Vulnerability
The following exploit code is available as a module for the Metasploit Framework:
The following exploit code is available as a module for the Metasploit Framework:
Solution / Fix
Novell Netmail IMAP APPEND Buffer Overflow Vulnerability
Solution:
This vulnerability has been addressed by NetMail 3.52e ftf 2.
Novell NetMail 3.52
Novell NetMail 3.52 A
Novell NetMail 3.52 C
Novell NetMail 3.52 D
Novell NetMail 3.52 B
Novell NetMail 3.52 C1
Solution:
This vulnerability has been addressed by NetMail 3.52e ftf 2.
Novell NetMail 3.52
-
Novell nm352e_ftf2_lx.tgz
NetMail 3.52e ftf 2 Linux
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_lx.tgz -
Novell nm352e_ftf2_nw.zip
NetMail 3.52e ftf 2 NetWare
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_nw.zip -
Novell nm352e_ftf2_win.zip
NetMail 3.52e ftf 2 Windows
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_win.zip
Novell NetMail 3.52 A
-
Novell nm352e_ftf2_lx.tgz
NetMail 3.52e ftf 2 Linux
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_lx.tgz -
Novell nm352e_ftf2_nw.zip
NetMail 3.52e ftf 2 NetWare
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_nw.zip -
Novell nm352e_ftf2_win.zip
NetMail 3.52e ftf 2 Windows
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_win.zip
Novell NetMail 3.52 C
-
Novell nm352e_ftf2_lx.tgz
NetMail 3.52e ftf 2 Linux
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_lx.tgz -
Novell nm352e_ftf2_nw.zip
NetMail 3.52e ftf 2 NetWare
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_nw.zip -
Novell nm352e_ftf2_win.zip
NetMail 3.52e ftf 2 Windows
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_win.zip
Novell NetMail 3.52 D
-
Novell nm352e_ftf2_lx.tgz
NetMail 3.52e ftf 2 Linux
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_lx.tgz -
Novell nm352e_ftf2_nw.zip
NetMail 3.52e ftf 2 NetWare
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_nw.zip -
Novell nm352e_ftf2_win.zip
NetMail 3.52e ftf 2 Windows
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_win.zip
Novell NetMail 3.52 B
-
Novell nm352e_ftf2_lx.tgz
NetMail 3.52e ftf 2 Linux
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_lx.tgz -
Novell nm352e_ftf2_nw.zip
NetMail 3.52e ftf 2 NetWare
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_nw.zip -
Novell nm352e_ftf2_win.zip
NetMail 3.52e ftf 2 Windows
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_win.zip
Novell NetMail 3.52 C1
-
Novell nm352e_ftf2_lx.tgz
NetMail 3.52e ftf 2 Linux
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_lx.tgz -
Novell nm352e_ftf2_nw.zip
NetMail 3.52e ftf 2 NetWare
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_nw.zip -
Novell nm352e_ftf2_win.zip
NetMail 3.52e ftf 2 Windows
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_win.zip
References
Novell Netmail IMAP APPEND Buffer Overflow Vulnerability
References:
References: