Novell NetMail HTTP基本认证超长用户名远程缓冲区溢出漏洞

Novell NetMail是基于Internet标准消息和安全协议的邮件和日历系统。 Novell NetMail中默认绑定在TCP/89端口上的webadmin.exe进程处理用户认证请求存在栈溢出漏洞，远程攻击者可能利用此漏洞控制服务器s。 由于不安全的sprintf调用，如果在HTTP基本认证阶段发送了超过213字节的超长用户名，就会触发这个缓冲区溢出，导致执行任意指令。 Novell NetMail 3.52 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

CVE-2005-1247

Affected software: Novell Nsure Audit 1.0.1 (webadmin.exe). Vulnerable component: ASN.1/SSL handling when processing client certificates to an SSL server. Root cause: malformed ASN.1 packets trigger a denial of service (as demonstrated via an OpenSSL ASN.1 parsing vulnerability). No remediation d...

CVE-2005-1247

webadmin.exe in Novell Nsure Audit 1.0.1 allows remote attackers to cause a denial of service via malformed ASN.1 packets in corrupt client certificates to an SSL server, as demonstrated using an exploit for the OpenSSL ASN.1 parsing vulnerability...

[Full-disclosure] [CIRT.DK - Advisory] Novell Nsure Audit 1.0.1 Denial of Service

Description: A vulnerability was reported in Novell Nsure Audit. A remote user can cause denial of service conditions. A remote user can conduct a brute force attack against 'webadmin.exe' on TCP port 449 to cause the target system to stop responding. Read the full advisory http://www.cirt.dk...

CVE-2003-0471

Alt-N WebAdmin is affected by a remote buffer overflow in the USER parameter of WebAdmin.exe/WebAdmin.dll, enabling arbitrary code execution as described in CVE-2003-0471. Public artifacts include references in Exploit-DB and Metasploit modules showing a buffer overflow condition that could allow...

Remote Buffer Overrun WebAdmin.exe

NGSSoftware Insight Security Research Advisory Name: Remote System Buffer Overrun WebAdmin.exe Systems Affected: Windows Severity: High Risk Category: Buffer Overrun Vendor URL: http://www.altn.com/ Author: Mark Litchfield [email protected] Date: 24th June 2003 Advisory number: NISR2406-03...