pwc.20020630.nims_3.0.3_imapd.a

2002-07-15T00:00:00
ID SECURITYVULNS:DOC:3221
Type securityvulns
Reporter Securityvulns
Modified 2002-07-15T00:00:00

Description

PricewaterhouseCoopers Security Vulnerability Report No: pwc.20020630.nims_3.0.3_imapd.a ====================================================

Vulnerability Summary

Problem: Multiple buffer overflow conditions have been identified in Novell Netmail IMAP service.

Threat: Denial Of Service.

Affected Software: Novell Netmail 3.0.3. Novell Netmail 3.1, Novell Netmail XE 3.1.

Platforms: Linux Redhat 7.3, Sun Solaris, Microsoft Windows, Netware 6.

Solutions: Apply the appropriate patches from Novell.

Vulnerability Description

Multiple buffer overflows exist in the IMAPD service of Novell Netmail 3.0.3 resulting in a Denial Of Service. Subsequent attacks will result in a server reboot on Netware 6.0 SP 1.

Solutions

Netmail (NIMS) 3.0.3A Update for NetWare http://support.novell.com/servlet/tidfinder/2962974

NetMail (NIMS) 3.0.3A Update for Linux http://support.novell.com/servlet/tidfinder/2962976

NetMail (NIMS) 3.0.3A Update for Solaris http://support.novell.com/servlet/tidfinder/2962977

NetMail 3.1a Update for NetWare http://support.novell.com/servlet/tidfinder/2962978

NetMail 3.1a Update for Windows http://support.novell.com/servlet/tidfinder/2962982

NetMail 3.1a Update for Linux http://support.novell.com/servlet/tidfinder/2962980

NetMail 3.1a Update for Solaris http://support.novell.com/servlet/tidfinder/2962981

NetMail XE 3.1a Update http://support.novell.com/servlet/tidfinder/2962983

Additional Information

Novell was contacted 20020701.

This vulnerability was found by Patrik Karlsson & Jonas Ländin patrik.karlsson@se.pwcglobal.com


The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer.