SAINT Corporation
SAINT:75D2335325D559707D90A4698C5C85B4
Dec 29, 2006 - 12:00 a.m.

NetMail IMAP APPEND command buffer overflow

2006-12-29 00:00:00
SAINT Corporation
download.saintcorporation.com

CVSS2: 9 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

EPSS: 0.163 Low
Percentile: 95.5%

Added: 12/29/2006
CVE: CVE-2006-6425
BID: 21723
OSVDB: 31362

Background

Novell NetMail is an e-mail and calendaring server application.

Problem

A buffer overflow in the NetMail IMAP service allows remote, authenticated attackers to execute arbitrary commands by sending a long, specially crafted APPEND command.

Resolution

Apply NetMail 3.5.2e FTF2 for Linux, NetWare, or Windows.

References

<http://www.novell.com/support/search.do?cmd=displayKC&externalId=3096026&sliceId=SAL_Public>
<http://www.zerodayinitiative.com/advisories/ZDI-06-054.html>

Limitations

Exploit works on NetMail 3.5.2 and requires the login and password of a valid IMAP account.

Platforms

Windows 2000
Windows XP
