Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:15DA12C5E6637EE0E8EF2573DE6C050B
HistoryJan 05, 2007 - 12:00 a.m.

Novell NetMail NMAP STOR command buffer overflow

2007-01-0500:00:00
SAINT Corporation
my.saintcorporation.com
19

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.884 High

EPSS

Percentile

98.6%

JSON

Added: 01/05/2007
CVE: CVE-2006-6424
BID: 21725
OSVDB: 31363

Background

Novell NetMail servers include the Network Messaging Application Protocol (NMAP) service, which listens on port 689/TCP.

Problem

A buffer overflow in Novell NetMail allows remote attackers to execute arbitrary commands by sending a specially crafted **STOR** command to the NMAP service.

Resolution

Apply the patch available from Novell.

References

<http://www.securityfocus.com/archive/1/455201&gt;

Limitations

Exploit works on Novell NetMail 3.52e FTF1.

For the exploit to succeed, the address of the host running SAINTexploit must be present in the target server’s trusted hosts list. (The trusted hosts list is available from the web interface running on port 89/TCP on the target server. Choose Internet Services -> Messaging Server -> NMAP Agent -> Trusted Hosts.)

Platforms

Windows

Related

checkpoint_advisories 2
cert 2
packetstorm 1
zdi 2
saint 3
cve 1
cvelist 1
securityvulns 2
checkpoint_advisories
checkpoint_advisories
Novell NetMail NMAP STOR Command Buffer Overflow (CVE-2006-6424)
2007-01-30 00:00:00
Novell NetMail IMAP Verb Literal Heap Overflow (CVE-2006-6424)
2007-04-01 00:00:00
cert
cert
Novell NetMail NMAP vulnerable to buffer overflow when processing "STOR" commands
2007-01-17 00:00:00
Novell NetMail IMAP vulnerable to buffer overflow when processing command continuation requests
2007-01-18 00:00:00
packetstorm
packetstorm
Novell NetMail <= 3.52d NMAP STOR Buffer Overflow
2009-11-26 00:00:00
zdi
zdi
Novell NetMail NMAP STOR Buffer Overflow Vulnerability
2006-12-22 00:00:00
Novell NetMail IMAP Verb Literal Heap Overflow Vulnerability
2006-12-22 00:00:00
saint
saint
Novell NetMail NMAP STOR command buffer overflow
2007-01-05 00:00:00
Novell NetMail NMAP STOR command buffer overflow
2007-01-05 00:00:00
Novell NetMail NMAP STOR command buffer overflow
2007-01-05 00:00:00
cve
cve
CVE-2006-6424
2006-12-27 01:28:00
cvelist
cvelist
CVE-2006-6424
2006-12-27 01:00:00
securityvulns
securityvulns
[Full-disclosure] ZDI-06-053: Novell NetMail IMAP Verb Literal Heap Overflow Vulnerability
2006-12-23 00:00:00
[Full-disclosure] ZDI-06-052: Novell NetMail NMAP STOR Buffer Overflow Vulnerability
2006-12-23 00:00:00

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.884 High

EPSS

Percentile

98.6%

JSON
Related for SAINT:15DA12C5E6637EE0E8EF2573DE6C050B
checkpoint_advisories2cert2packetstorm1zdi2saint3cve1cvelist1securityvulns2