Lucene search

[email protected]CVE-2006-6424

HistoryDec 27, 2006 - 1:28 a.m.

CVE-2006-6424

2006-12-2701:28:00

[email protected]

web.nvd.nist.gov

cve-2006-6424

novell netmail

buffer overflow

remote code execution

imap

nmap

security vulnerability

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

7.6 High

AI Score

Confidence

Low

0.85 High

EPSS

Percentile

98.5%

JSON

Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow remote attackers to execute arbitrary code (1) by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow; and (2) via crafted arguments to the STOR command to the Network Messaging Application Protocol (NMAP) daemon, resulting in a stack overflow.

Affected configurations

NVD

Node

novellnetmailRange≤3.5.2e-ftfl

novellnetmailMatch3.0.1

novellnetmailMatch3.0.3aa

novellnetmailMatch3.0.3ab

novellnetmailMatch3.1

novellnetmailMatch3.1f

novellnetmailMatch3.5

novellnetmailMatch3.10

novellnetmailMatch3.10a

novellnetmailMatch3.10b

novellnetmailMatch3.10c

novellnetmailMatch3.10d

novellnetmailMatch3.10e

novellnetmailMatch3.10f

novellnetmailMatch3.10g

novellnetmailMatch3.10h

CPENameOperatorVersion
novell:netmailnovell netmaille3.5.2
novell:netmailnovell netmaileq3.0.1
novell:netmailnovell netmaileq3.0.3a
novell:netmailnovell netmaileq3.1
novell:netmailnovell netmaileq3.5
novell:netmailnovell netmaileq3.10

CPE	Name	Operator	Version
novell:netmail	novell netmail	le	3.5.2
novell:netmail	novell netmail	eq	3.0.1
novell:netmail	novell netmail	eq	3.0.3a
novell:netmail	novell netmail	eq	3.1
novell:netmail	novell netmail	eq	3.5
novell:netmail	novell netmail	eq	3.10