Novell NetMail WebAccess/WebMail Agent Folder Rename Overflow

2005-06-06T05:37:51
ID OSVDB:17241
Type osvdb
Reporter OSVDB
Modified 2005-06-06T05:37:51

Description

Vulnerability Description

A remote overflow exists in Novell NetMail. The Modweb agent fails to check length for a very long name on folder rename through the WebAccess or WebMail client resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitary code execution resulting in a loss of integrity.

Solution Description

Upgrade to version 3.52C or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

A remote overflow exists in Novell NetMail. The Modweb agent fails to check length for a very long name on folder rename through the WebAccess or WebMail client resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitary code execution resulting in a loss of integrity.

References:

Vendor URL: http://www.novell.com/products/nims/index.html Vendor Specific Advisory URL Secunia Advisory ID:15644 Related OSVDB ID: 17239 Related OSVDB ID: 17240 Related OSVDB ID: 17238 Keyword: TID10097957 FrSIRT Advisory: ADV-2005-0727 CVE-2005-1757 Bugtraq ID: 13926