Novell Home

My Favorites

Close

Please to see your favorites.

3 Security Vulnerabilities in NetMail 3.5

(Last modified: 14Jun2005)

This document (10097957) is provided subject to the disclaimer at the end of this document.

symptom

3 Security Vulnerabilities in NetMail 3.5

fact

Novell NetMail 3.5

symptom

CAN-2005-1756 - Novell NetMail 3.5.2 WebAccess Cross-Site Scripting Vulnerability

When a user opens an appointment containing valid formatted script in the body of the message, the browser interprets and executes that script. The script could do perform malicious actions on the user's authenticated connection. This exploit is available to any client that sends an ical object to a NetMail user.

CAN-2005-1757 - Novell NetMail 3.5.2 WebAccess Buffer Overflow Vulnerability

Specifying a very large name on folder rename through the WebAccess or WebMail client causes a buffer overrun.

CAN-2005-1758 - Novell NetMail IMAPD Command Continuation Request Heap Overflow

Specifying a very large number of bytes for the IMAP command continuation can cause a buffer overrun. This exploit is available to any client that connects to NetMail, authenticated and unauthenticated.

fix

All three of these vulnerabilities have been addressed in the NetMail 3.5.2C patch, which is available here:  http://support.novell.com/filefinder/19357/index.html  Please note that this is an updates page for NetMail 3.5, and that NetMail 3.5.2C may eventually be superceded.  Further revisions to NetMail 3.5 will also contain these fixes.

note

These vulnerabilities were discovered by iDefense.

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

  • Document ID:
  • 10097957
  • Solution ID: NOVL102393
  • Creation Date: 13Jun2005
  • Modified Date: 14Jun2005
    • NovellNetMail

Did this document solve your problem? Provide Feedback