Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:405C516C88A657BD5B445CC1B0513D46
HistoryJan 05, 2007 - 12:00 a.m.

Novell NetMail NMAP STOR command buffer overflow

2007-01-0500:00:00
SAINT Corporation
download.saintcorporation.com
8

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.85 High

EPSS

Percentile

98.5%

JSON

Added: 01/05/2007
CVE: CVE-2006-6424
BID: 21725
OSVDB: 31363

Background

Novell NetMail servers include the Network Messaging Application Protocol (NMAP) service, which listens on port 689/TCP.

Problem

A buffer overflow in Novell NetMail allows remote attackers to execute arbitrary commands by sending a specially crafted **STOR** command to the NMAP service.

Resolution

Apply the patch available from Novell.

References

<http://www.securityfocus.com/archive/1/455201&gt;

Limitations

Exploit works on Novell NetMail 3.52e FTF1.

For the exploit to succeed, the address of the host running SAINTexploit must be present in the target server’s trusted hosts list. (The trusted hosts list is available from the web interface running on port 89/TCP on the target server. Choose Internet Services -> Messaging Server -> NMAP Agent -> Trusted Hosts.)

Platforms

Windows

Related

cert 2
saint 3
checkpoint_advisories 2
nvd 1
cve 1
packetstorm 1
cvelist 1
zdi 2
securityvulns 2
cert
cert
Novell NetMail NMAP vulnerable to buffer overflow when processing "STOR" commands
2007-01-17 00:00:00
Novell NetMail IMAP vulnerable to buffer overflow when processing command continuation requests
2007-01-18 00:00:00
saint
saint
Novell NetMail NMAP STOR command buffer overflow
2007-01-05 00:00:00
Novell NetMail NMAP STOR command buffer overflow
2007-01-05 00:00:00
Novell NetMail NMAP STOR command buffer overflow
2007-01-05 00:00:00
checkpoint_advisories
checkpoint_advisories
Novell NetMail IMAP Verb Literal Heap Overflow (CVE-2006-6424)
2007-04-01 00:00:00
Novell NetMail NMAP STOR Command Buffer Overflow (CVE-2006-6424)
2007-01-30 00:00:00
nvd
nvd
CVE-2006-6424
2006-12-27 01:28:00
cve
cve
CVE-2006-6424
2006-12-27 01:28:00
packetstorm
packetstorm
Novell NetMail <= 3.52d NMAP STOR Buffer Overflow
2009-11-26 00:00:00
cvelist
cvelist
CVE-2006-6424
2006-12-27 01:00:00
zdi
zdi
Novell NetMail NMAP STOR Buffer Overflow Vulnerability
2006-12-22 00:00:00
Novell NetMail IMAP Verb Literal Heap Overflow Vulnerability
2006-12-22 00:00:00
securityvulns
securityvulns
[Full-disclosure] ZDI-06-052: Novell NetMail NMAP STOR Buffer Overflow Vulnerability
2006-12-23 00:00:00
[Full-disclosure] ZDI-06-053: Novell NetMail IMAP Verb Literal Heap Overflow Vulnerability
2006-12-23 00:00:00

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.85 High

EPSS

Percentile

98.5%

JSON
Related for SAINT:405C516C88A657BD5B445CC1B0513D46
cert2saint3checkpoint_advisories2nvd1cve1packetstorm1cvelist1zdi2securityvulns2