Novell Netmail IMAP Verb Literal Heap Overflow Vulnerability

Bugtraq ID:	21724
Class:	Boundary Condition Error
CVE:	CVE-2006-6424
Remote:	Yes
Local:	No
Published:	Dec 22 2006 12:00AM
Updated:	Jan 02 2007 04:56PM
Credit:	Discovery is credited to an anonymous researcher.
Vulnerable:	Novell NetMail 3.52 D Novell NetMail 3.52 C1 Novell NetMail 3.52 C Novell NetMail 3.52 B Novell NetMail 3.52 A Novell NetMail 3.52
Not Vulnerable:

Novell Netmail IMAP Verb Literal Heap Overflow Vulnerability

Novell Netmail is prone to a remotely exploitable buffer overflow vulnerability because it fails to do proper bounds checking on literals that are appended to IMAP verbs.

A successful exploit could let a remote attacker execute arbitrary code in the context of the affected program.

Novell Netmail IMAP Verb Literal Heap Overflow Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].

Novell Netmail IMAP Verb Literal Heap Overflow Vulnerability

Solution:
This vulnerability has been addressed by NetMail 3.52e ftf 2.


Novell NetMail 3.52

• Novell nm352e_ftf2_lx.tgz
  NetMail 3.52e ftf 2 Linux
  http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_lx.tgz


• Novell nm352e_ftf2_nw.zip
  NetMail 3.52e ftf 2 NetWare
  http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_nw.zip


• Novell nm352e_ftf2_win.zip
  NetMail 3.52e ftf 2 Windows
  http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_win.zip

Novell NetMail 3.52 A

• Novell nm352e_ftf2_lx.tgz
  NetMail 3.52e ftf 2 Linux
  http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_lx.tgz


• Novell nm352e_ftf2_nw.zip
  NetMail 3.52e ftf 2 NetWare
  http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_nw.zip


• Novell nm352e_ftf2_win.zip
  NetMail 3.52e ftf 2 Windows
  http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_win.zip

Novell NetMail 3.52 C

• Novell nm352e_ftf2_lx.tgz
  NetMail 3.52e ftf 2 Linux
  http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_lx.tgz


• Novell nm352e_ftf2_nw.zip
  NetMail 3.52e ftf 2 NetWare
  http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_nw.zip


• Novell nm352e_ftf2_win.zip
  NetMail 3.52e ftf 2 Windows
  http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_win.zip

Novell NetMail 3.52 D

• Novell nm352e_ftf2_lx.tgz
  NetMail 3.52e ftf 2 Linux
  http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_lx.tgz


• Novell nm352e_ftf2_nw.zip
  NetMail 3.52e ftf 2 NetWare
  http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_nw.zip


• Novell nm352e_ftf2_win.zip
  NetMail 3.52e ftf 2 Windows
  http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_win.zip

Novell NetMail 3.52 B

• Novell nm352e_ftf2_lx.tgz
  NetMail 3.52e ftf 2 Linux
  http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_lx.tgz


• Novell nm352e_ftf2_nw.zip
  NetMail 3.52e ftf 2 NetWare
  http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_nw.zip


• Novell nm352e_ftf2_win.zip
  NetMail 3.52e ftf 2 Windows
  http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_win.zip

Novell NetMail 3.52 C1

• Novell nm352e_ftf2_lx.tgz
  NetMail 3.52e ftf 2 Linux
  http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_lx.tgz


• Novell nm352e_ftf2_nw.zip
  NetMail 3.52e ftf 2 NetWare
  http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_nw.zip


• Novell nm352e_ftf2_win.zip
  NetMail 3.52e ftf 2 Windows
  http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_win.zip

Novell Netmail IMAP Verb Literal Heap Overflow Vulnerability

References:

• Security Vulnerabilities: Buffer Overrun in NetMail 3.52 (Novell)
  
• ZDI-06-053 Novell NetMail IMAP Verb Literal Heap Overflow Vulnerability (Zero Day Initiative)