Novell Netmail NMDMC Stack Buffer Overflow Vulnerability

Bugtraq ID:	23916
Class:	Boundary Condition Error
CVE:	CVE-2007-2616
Remote:	Yes
Local:	No
Published:	May 10 2007 12:00AM
Updated:	May 07 2015 05:39PM
Credit:	Discovery is credited to an anonymous researcher.
Vulnerable:	Novell NetMail 3.52 E Novell NetMail 3.52 D Novell NetMail 3.52 C1 Novell NetMail 3.52 C Novell NetMail 3.52 B Novell NetMail 3.52 A Novell NetMail 3.52 Novell NetMail 3.52e-ftfl Novell NetMail 3.52e _FTF2
Not Vulnerable:	Novell NetMail 3.52f

Novell Netmail NMDMC Stack Buffer Overflow Vulnerability

Novell Netmail is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data before copying it to an insufficiently sized buffer.

A successful exploit may allow remote attackers to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Novell Netmail NMDMC Stack Buffer Overflow Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Novell Netmail NMDMC Stack Buffer Overflow Vulnerability

Solution:
The vendor released an advisory and version 3.52f Beta to address this issue. Please see the references for more information.

Novell Netmail NMDMC Stack Buffer Overflow Vulnerability

References:

• iDefense Security Advisory 05.10.07: Novell NetMail NMDMC Buffer Overflow Vulner (iDefense Labs)
  
• NetMail Product Page (Novell)
  
• Novel NetMail 3.52f Beta 3.52f (Novell)