Novell Netmail Multiple Services Unspecified Stack Buffer Overflow Vulnerabilities
BID:21773
Info
Novell Netmail Multiple Services Unspecified Stack Buffer Overflow Vulnerabilities
| Bugtraq ID: | 21773 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 26 2006 12:00AM |
| Updated: | Jan 04 2007 06:26PM |
| Credit: | The discoverer of these issues is currently unknown. |
| Vulnerable: |
Novell NetMail 3.52 D Novell NetMail 3.52 C1 Novell NetMail 3.52 C Novell NetMail 3.52 B Novell NetMail 3.52 A Novell NetMail 3.52 Novell NetMail 3.52e-ftfl |
| Not Vulnerable: | |
Discussion
Novell Netmail Multiple Services Unspecified Stack Buffer Overflow Vulnerabilities
Novell Netmail is prone to multiple remote stack-based buffer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.
Some of these issues may be related to this issue described in BID 21724 (Novell Netmail IMAP Verb Literal Heap Overflow Vulnerability).
Version 3.52e-ftfi is vulnerable to this issue; other versions may also be affected.
Novell Netmail is prone to multiple remote stack-based buffer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.
Some of these issues may be related to this issue described in BID 21724 (Novell Netmail IMAP Verb Literal Heap Overflow Vulnerability).
Version 3.52e-ftfi is vulnerable to this issue; other versions may also be affected.
Exploit / POC
Novell Netmail Multiple Services Unspecified Stack Buffer Overflow Vulnerabilities
The following exploit has been available for Immunity Partner's members:
https://www.immunityinc.com/downloads/immpartners/netmail.tar
The following exploit has been available for Immunity Partner's members:
https://www.immunityinc.com/downloads/immpartners/netmail.tar
Solution / Fix
Novell Netmail Multiple Services Unspecified Stack Buffer Overflow Vulnerabilities
Solution:
The vendor may have addressed these issues in versions after 3.52e-ftfl, but Symantec has not confirmed this.
Solution:
The vendor may have addressed these issues in versions after 3.52e-ftfl, but Symantec has not confirmed this.
References
Novell Netmail Multiple Services Unspecified Stack Buffer Overflow Vulnerabilities
References:
References:
- Novell Netmail Home Page (Novell)