Novell Netmail NMAP STOR Buffer Overflow Vulnerability
BID:21725
Info
Novell Netmail NMAP STOR Buffer Overflow Vulnerability
| Bugtraq ID: | 21725 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2006-6424 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 22 2006 12:00AM |
| Updated: | Feb 01 2008 05:38PM |
| Credit: | Discovery is credited to Dennis Rand of CIRT.DK |
| Vulnerable: |
Novell NetMail 3.52 D Novell NetMail 3.52 C1 Novell NetMail 3.52 C Novell NetMail 3.52 B Novell NetMail 3.52 A Novell NetMail 3.52 |
| Not Vulnerable: | |
Discussion
Novell Netmail NMAP STOR Buffer Overflow Vulnerability
Novell Netmail is prone to a remotely exploitable buffer overflow vulnerability because it fails to do proper bounds checking on NMAP (Network Messaging Application Protocol) STOR command parameters.
A successful exploit could let an authenticated remote attacker execute arbitrary code in the context of the affected program.
Novell Netmail is prone to a remotely exploitable buffer overflow vulnerability because it fails to do proper bounds checking on NMAP (Network Messaging Application Protocol) STOR command parameters.
A successful exploit could let an authenticated remote attacker execute arbitrary code in the context of the affected program.
Exploit / POC
Novell Netmail NMAP STOR Buffer Overflow Vulnerability
The following exploit code is available as a module for the Metasploit Framework:
The following exploit code is available as a module for the Metasploit Framework:
Solution / Fix
Novell Netmail NMAP STOR Buffer Overflow Vulnerability
Solution:
This vulnerability has been addressed by NetMail 3.52e ftf 2.
Novell NetMail 3.52
Novell NetMail 3.52 A
Novell NetMail 3.52 C
Novell NetMail 3.52 D
Novell NetMail 3.52 B
Novell NetMail 3.52 C1
Solution:
This vulnerability has been addressed by NetMail 3.52e ftf 2.
Novell NetMail 3.52
-
Novell nm352e_ftf2_lx.tgz
NetMail 3.52e ftf 2 Linux
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_lx.tgz -
Novell nm352e_ftf2_nw.zip
NetMail 3.52e ftf 2 NetWare
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_nw.zip -
Novell nm352e_ftf2_win.zip
NetMail 3.52e ftf 2 Windows
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_win.zip
Novell NetMail 3.52 A
-
Novell nm352e_ftf2_lx.tgz
NetMail 3.52e ftf 2 Linux
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_lx.tgz -
Novell nm352e_ftf2_nw.zip
NetMail 3.52e ftf 2 NetWare
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_nw.zip -
Novell nm352e_ftf2_win.zip
NetMail 3.52e ftf 2 Windows
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_win.zip
Novell NetMail 3.52 C
-
Novell nm352e_ftf2_lx.tgz
NetMail 3.52e ftf 2 Linux
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_lx.tgz -
Novell nm352e_ftf2_nw.zip
NetMail 3.52e ftf 2 NetWare
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_nw.zip -
Novell nm352e_ftf2_win.zip
NetMail 3.52e ftf 2 Windows
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_win.zip
Novell NetMail 3.52 D
-
Novell nm352e_ftf2_lx.tgz
NetMail 3.52e ftf 2 Linux
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_lx.tgz -
Novell nm352e_ftf2_nw.zip
NetMail 3.52e ftf 2 NetWare
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_nw.zip -
Novell nm352e_ftf2_win.zip
NetMail 3.52e ftf 2 Windows
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_win.zip
Novell NetMail 3.52 B
-
Novell nm352e_ftf2_lx.tgz
NetMail 3.52e ftf 2 Linux
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_lx.tgz -
Novell nm352e_ftf2_nw.zip
NetMail 3.52e ftf 2 NetWare
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_nw.zip -
Novell nm352e_ftf2_win.zip
NetMail 3.52e ftf 2 Windows
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_win.zip
Novell NetMail 3.52 C1
-
Novell nm352e_ftf2_lx.tgz
NetMail 3.52e ftf 2 Linux
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_lx.tgz -
Novell nm352e_ftf2_nw.zip
NetMail 3.52e ftf 2 NetWare
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_nw.zip -
Novell nm352e_ftf2_win.zip
NetMail 3.52e ftf 2 Windows
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_win.zip
References
Novell Netmail NMAP STOR Buffer Overflow Vulnerability
References:
References: