Novell is now a part of Micro Focus

My Favorites

Close

Please to see your favorites.

Security Vulnerabilities: Buffer Overrun in NetMail 3.52

This document (3096026) is provided subject to the disclaimer at the end of this document.

Environment

Novell NetMail 3.52

Situation

Existing version of NetMail 3.52 can be vulnerable to attack when the following buffers are overrun.
-User Authentication Buffer
-NMAP STOR Buffer
-IMAPD Pre-Auth Stack Buffer
-IMAPD Post-Auth Stack Buffer

The vulnerability could allow remote execution of code on the server running NetMail.

Resolution

Status

Reported to Engineering
Security Alert

Additional Information

Novell would like to thank an anonymous researcher working withTippingPoint (www.tippingpoint.com) and the Zero Day Initiative(www.zerodayintiative.com) for reporting the following issues.
 
ZDI-06-036 (Previously ZDI-CAN-076) - User  Authentication Buffer - This vulnerability has been assigned the identifier CVE-2006-5478 by the CVE database.
ZDI-06-053 (PreviouslyZDI-CAN-085) - IMAPD Pre-Auth Stack Buffer - This vulnerability has been assigned the identifier CVE-2006-6424 by the CVE database.
ZDI-06-054 (Previously ZDI-CAN-086) - IMAPD Post-Auth Stack Buffer - This vulnerability has been assigned the identifier CVE-2006-6425 by the CVE database.

Novell would like to thank Dennis Rand of CIRT.DK working with TippingPoint (www.tippingpoint.com) and the Zero Day Initiative (www.zerodayintiative.com) for reporting the following issue.

ZDI-06-052 (PreviouslyZDI-CAN-082) - NMAP STOR Buffer - This vulnerability has been assigned the identifier CVE-2006-6424 by the CVE database.

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:3096026
  • Creation Date:25-DEC-06
  • Modified Date:16-MAR-12

Did this document solve your problem? Provide Feedback