Environment
Novell
NetMail 3.52
Situation
Existing
version of NetMail 3.52 can be vulnerable to attack
when the following buffers are overrun.
-User
Authentication Buffer
-NMAP STOR
Buffer
-IMAPD
Pre-Auth Stack Buffer
-IMAPD
Post-Auth Stack Buffer
The vulnerability could allow remote execution of code on the server running NetMail.
The vulnerability could allow remote execution of code on the server running NetMail.
Resolution
This problem
is resolved by applying NetMail 3.52e ftf 2
Status
Reported to EngineeringSecurity Alert
Additional Information
Novell would
like to thank an anonymous researcher working withTippingPoint
(www.tippingpoint.com) and the Zero Day
Initiative(www.zerodayintiative.com) for reporting the
following issues.
ZDI-06-036
(Previously ZDI-CAN-076) - User Authentication Buffer - This
vulnerability has been assigned the identifier CVE-2006-5478 by
the CVE database.
ZDI-06-053
(PreviouslyZDI-CAN-085) - IMAPD Pre-Auth Stack
Buffer - This vulnerability has been assigned the identifier CVE-2006-6424 by
the CVE database.
ZDI-06-054
(Previously ZDI-CAN-086) - IMAPD Post-Auth Stack Buffer - This
vulnerability has been assigned the identifier CVE-2006-6425 by
the CVE database.
Novell would like to thank Dennis Rand of CIRT.DK working with TippingPoint (www.tippingpoint.com) and the Zero Day Initiative (www.zerodayintiative.com) for reporting the following issue.
ZDI-06-052 (PreviouslyZDI-CAN-082) - NMAP STOR Buffer - This vulnerability has been assigned the identifier CVE-2006-6424 by the CVE database.