SAINT Corporation, SAINT:D1093E576EFD2CFB1B98A9560029C682
Mar 16, 2007 - 12:00 a.m.

NetMail WebAdmin username buffer overflow

2007-03-16 00:00:00
SAINT Corporation
www.saintcorporation.com

EPSS: 0.942 (High), percentile 99.2%

Added: 03/16/2007
CVE: CVE-2007-1350
BID: 22857
OSVDB: 33886

Background

Novell NetMail WebAdmin is a web-based administration interface which runs an HTTP server on port 89/TCP.

Problem

A buffer overflow vulnerability in Novell NetMail WebAdmin allows remote attackers to execute arbitrary commands by sending a long username during HTTP Basic authentication.
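A defender-side check for the condition described above, as an added example that is not part of the SAINT advisory: it decodes HTTP Basic credentials from request headers and flags usernames longer than a policy limit. The 64-byte limit, the host name `netmail.example` and the sample requests are assumptions constructed for illustration; the advisory does not state the size of the vulnerable buffer.

```python
import base64
import binascii

MAX_USERNAME_LEN = 64  # assumed policy limit; the advisory gives no buffer size

def basic_username(header_value):
    """Username bytes from an Authorization value; None if the scheme is not Basic."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True)
    except binascii.Error as exc:
        raise ValueError("invalid base64 in Basic credentials") from exc
    # RFC 7617: user-id precedes the first colon; with no colon, check it all.
    return decoded.partition(b":")[0]

def inspect_request(raw_request, max_len=MAX_USERNAME_LEN):
    """Classify a raw HTTP request: ok, oversized, malformed, other-scheme, no-auth."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() != "authorization":
            continue
        try:
            user = basic_username(value)
        except ValueError:
            return "malformed"
        if user is None:
            return "other-scheme"
        return "oversized" if len(user) > max_len else "ok"
    return "no-auth"

def make_request(user, password=b"secret"):
    """Build a constructed sample request (hypothetical host name)."""
    token = base64.b64encode(user + b":" + password)
    return (b"GET / HTTP/1.0\r\nHost: netmail.example:89\r\n"
            b"Authorization: Basic " + token + b"\r\n\r\n")

SAMPLES = {  # constructed inputs, not captured traffic
    "normal": make_request(b"admin"),
    "long": make_request(b"u" * 300),
    "no_auth": b"GET / HTTP/1.0\r\nHost: netmail.example:89\r\n\r\n",
    "bad_b64": b"GET / HTTP/1.0\r\nAuthorization: Basic !!!\r\n\r\n",
}

if __name__ == "__main__":
    for label, req in SAMPLES.items():
        print(label, inspect_request(req))
```

The same length check can sit in a reverse proxy or IDS rule in front of port 89/TCP on hosts that cannot be updated immediately.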

Resolution

Download and install the NetMail 3.52E Update.

References

<http://www.zerodayinitiative.com/advisories/ZDI-07-009.html>

Limitations

Exploit works on Novell NetMail 3.52.

In order for the exploit to succeed, the total number of characters in the tree and context parameters must be correct.

Platforms

Windows 2000
Windows Server 2003 SP0
Windows Server 2003 SP1 / Windows Server 2003
