Novell NetMail NMAP STOR command buffer overflow

2007-01-05T00:00:00
ID SAINT:15DA12C5E6637EE0E8EF2573DE6C050B
Type saint
Reporter SAINT Corporation
Modified 2007-01-05T00:00:00

Description

Added: 01/05/2007
CVE: CVE-2006-6424
BID: 21725
OSVDB: 31363

Background

Novell NetMail servers include the Network Messaging Application Protocol (NMAP) service, which listens on port 689/TCP.

Problem

A buffer overflow in Novell NetMail allows remote attackers to execute arbitrary commands by sending a specially crafted **STOR** command to the NMAP service.

Resolution

Apply the patch available from Novell.

References

<http://www.securityfocus.com/archive/1/455201>

Limitations

Exploit works on Novell NetMail 3.52e FTF1.

For the exploit to succeed, the address of the host running SAINTexploit must be present in the target server's trusted hosts list. (The trusted hosts list is available from the web interface running on port 89/TCP on the target server. Choose Internet Services -> Messaging Server -> NMAP Agent -> Trusted Hosts.)

Platforms

Windows