164 matches found
Novell Netmail IMAP SUBSCRIBE缓冲区溢出漏洞
Novell Netmail是一款电子邮件和日历系统。 Novell Netmail包含的IMAP实现处理subscribe命令存在设计缺陷,远程攻击者可以利用漏洞进行缓冲区溢出攻击,可能以进程权限执行任意指令。 当超长字符串作为subscribe的参数提交给服务器,可导致应用程序由于缺少正确边界检查而造成缓冲区溢出,精心构建提交数据,可能以进程权限执行任意指令。 Novell NetMail 3.52 D Novell NetMail 3.52 C1 Novell NetMail 3.52 C Novell NetMail 3.52 B Novell NetMail 3.52 A...
CVE-2006-6762
The IMAP daemon IMAPD in Novell NetMail before 3.52e FTF2 allows remote authenticated users to cause a denial of service via an APPEND command with a single "" parenthesis in the argument...
CVE-2006-6761
Stack-based buffer overflow in the IMAP daemon IMAPD in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via a long argument to the SUBSCRIBE command...
CVE-2006-6761
Stack-based buffer overflow in the IMAP daemon IMAPD in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via a long argument to the SUBSCRIBE command...
CVE-2006-6762
The CVE-2006-6762 entry affects Novell NetMail’s IMAP server (IMAPD) prior to 3.52e FTF2. A buffer overflow may occur when processing parameters to the APPEND command, enabling a remote authenticated attacker to cause a denial-of-service. Remediation: apply the vendor update per Novell document 3...
CVE-2006-6762
The IMAP daemon IMAPD in Novell NetMail before 3.52e FTF2 allows remote authenticated users to cause a denial of service via an APPEND command with a single "" parenthesis in the argument...
CVE-2006-6761
CVE-2006-6761 describes a stack-based buffer overflow in the IMAPD of Novell NetMail prior to 3.52e FTF2 . An attacker with authenticated remote access can trigger the overflow by sending a long argument to the IMAP SUBSCRIBE command, potentially allowing arbitrary code execution on affected syst...
CVE-2006-6424
Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow remote attackers to execute arbitrary code 1 by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow; and 2 via crafted arguments to the STOR command to the...
CVE-2006-6425
Stack-based buffer overflow in the IMAP daemon IMAPD in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command...
CVE-2006-6424
Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow remote attackers to execute arbitrary code 1 by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow; and 2 via crafted arguments to the STOR command to the...
CVE-2006-6425
Stack-based buffer overflow in the IMAP daemon IMAPD in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command...
CVE-2006-6424
The CVE-2006-6424 vulnerability affects Novell NetMail (NMAP STOR and IMAP handling). Affected: NetMail servers prior to 3.52e FTF2; NMAP STOR buffer overflow can yield remote code execution, and IMAP command continuation handling can cause a heap overflow. Confirmed exploitation is possible via ...
CVE-2006-6425
CVE-2006-6425 describes a stack-based buffer overflow in the Novell NetMail IMAP daemon (IMAPD) when processing the APPEND command, affecting NetMail versions prior to 3.52e FTF2. An authenticated remote attacker who can access IMAP services could trigger arbitrary code execution in the IMAP serv...
Novell Netmail NMAP服务STOR命令远程溢出漏洞
Novell NetMail是基于Internet标准消息和安全协议的邮件和日历系统。 NetMail中绑定到TCP 689端口的NMAP服务(nmapd.exe)在处理STOR命令时存在缓冲区溢出漏洞,如果攻击者能够向该命令发送特定参数的话,就可以触发这个溢出,导致执行任意指令。 Novell NetMail 3.52 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: https://secure-support.novell.com/KanisaPlatform/Publishing/134/3096026f.SALPublic.html...
Novell Netmail IMAP服务APPEND命令远程栈溢出漏洞
Novell NetMail是基于Internet标准消息和安全协议的邮件和日历系统。 NetMail IMAP服务程序在处理APPEND命令时存在栈溢出漏洞,如果攻击者能够向该命令发送特定参数的话,就可以触发这个溢出,导致执行任意指令。 Novell NetMail 3.52 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: https://secure-support.novell.com/KanisaPlatform/Publishing/134/3096026f.SALPublic.html...
Novell Netmail IMAP服务命令参数串接远程堆溢出漏洞
Novell NetMail是基于Internet标准消息和安全协议的邮件和日历系统。 NetMail的IMAP服务在处理命令参数的串接时存在漏洞,远程攻击者可能利用此漏洞在服务器上执行任意指令。 NetMail的IMAP服务(imapd.exe)在将文字内容附加到IMAP命令以生成请求时没有充分的验证用户输入的长度值。所分配的用于存储额外数据的内存可能不充分,导致堆溢出。 Novell NetMail 3.52 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
[Full-disclosure] iDefense Security Advisory 12.23.06: Novell Netmail IMAP append Denial of Service Vulnerability
Novell Netmail IMAP append Denial of Service Vulnerability iDefense Security Advisory 12.23.06 http://labs.idefense.com/intelligence/vulnerabilities/ Dec 23, 2006 I. BACKGROUND Novell NetMail is an e-mail and calendar system that is based on standard Internet protocols. More information can be...
[Full-disclosure] iDefense Security Advisory 12.23.06: Novell NetMail IMAPD subscribe Buffer Overflow Vulnerability
Novell NetMail IMAPD subscribe Buffer Overflow Vulnerability iDefense Security Advisory 12.23.06 http://labs.idefense.com/intelligence/vulnerabilities/ Dec 23, 2006 I. BACKGROUND Novell NetMail is an e-mail and calendar system that is based on standard Internet protocols. More information can be...
Novell NetMail IMAP server multiple buffer overflows
Buffer overflows on STOP, APPEND commands and on IMAP literals parsing...
[Full-disclosure] ZDI-06-054: Novell NetMail IMAP APPEND Buffer Overflow Vulnerability
ZDI-06-054: Novell NetMail IMAP APPEND Buffer Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-06-054.html December 22, 2006 -- CVE ID: CVE-2006-6425 -- Affected Vendor: Novell -- Affected Products: Novell NetMail 3.5.2 -- TippingPointTM IPS Customer Protection: TippingPoint...