BID:21729

Novell Netmail IMAP APPEND Denial of Service Vulnerability

Info

Novell Netmail IMAP APPEND Denial of Service Vulnerability

Bugtraq ID:	21729
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2006-6425 CVE-2006-6762
Remote:	Yes
Local:	No
Published:	Dec 23 2006 12:00AM
Updated:	Jul 06 2016 02:40PM
Credit:	Discovery is credited to Dennis Rand of CIRT.DK.
Vulnerable:	Novell NetMail 3.52 D Novell NetMail 3.52 C1 Novell NetMail 3.52 C Novell NetMail 3.52 B Novell NetMail 3.52 A Novell NetMail 3.52

Not Vulnerable:

Discussion

Novell Netmail IMAP APPEND Denial of Service Vulnerability

Novell Netmail is prone to a remotely exploitable denial-of-service vulnerability. A malformed IMAP APPEND argument can trigger this issue.

A successful exploit could let an authenticated remote attacker crash the affected server.

Exploit / POC

Novell Netmail IMAP APPEND Denial of Service Vulnerability

An attacker can trigger his issue manually by authenticating to the IMAP server and then sending a malformed IMAP APPEND request that specifies a single '(' character as the argument.

Solution / Fix

Novell Netmail IMAP APPEND Denial of Service Vulnerability

Solution:
This vulnerability has been addressed by NetMail 3.52e ftf 2.

Novell NetMail 3.52

Novell nm352e_ftf2_lx.tgz
NetMail 3.52e ftf 2 Linux
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_lx.tgz

Novell nm352e_ftf2_nw.zip
NetMail 3.52e ftf 2 NetWare
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_nw.zip

Novell nm352e_ftf2_win.zip
NetMail 3.52e ftf 2 Windows
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_win.zip

Novell NetMail 3.52 A

Novell nm352e_ftf2_lx.tgz
NetMail 3.52e ftf 2 Linux
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_lx.tgz

Novell nm352e_ftf2_nw.zip
NetMail 3.52e ftf 2 NetWare
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_nw.zip

Novell nm352e_ftf2_win.zip
NetMail 3.52e ftf 2 Windows
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_win.zip

Novell NetMail 3.52 C

Novell nm352e_ftf2_lx.tgz
NetMail 3.52e ftf 2 Linux
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_lx.tgz

Novell nm352e_ftf2_nw.zip
NetMail 3.52e ftf 2 NetWare
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_nw.zip

Novell nm352e_ftf2_win.zip
NetMail 3.52e ftf 2 Windows
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_win.zip

Novell NetMail 3.52 D

Novell nm352e_ftf2_lx.tgz
NetMail 3.52e ftf 2 Linux
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_lx.tgz

Novell nm352e_ftf2_nw.zip
NetMail 3.52e ftf 2 NetWare
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_nw.zip

Novell nm352e_ftf2_win.zip
NetMail 3.52e ftf 2 Windows
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_win.zip

Novell NetMail 3.52 B

Novell nm352e_ftf2_lx.tgz
NetMail 3.52e ftf 2 Linux
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_lx.tgz

Novell nm352e_ftf2_nw.zip
NetMail 3.52e ftf 2 NetWare
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_nw.zip

Novell nm352e_ftf2_win.zip
NetMail 3.52e ftf 2 Windows
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_win.zip

Novell NetMail 3.52 C1

Novell nm352e_ftf2_lx.tgz
NetMail 3.52e ftf 2 Linux
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_lx.tgz

Novell nm352e_ftf2_nw.zip
NetMail 3.52e ftf 2 NetWare
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_nw.zip

Novell nm352e_ftf2_win.zip
NetMail 3.52e ftf 2 Windows
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ft f2_win.zip

References

Novell Netmail IMAP APPEND Denial of Service Vulnerability

References: