Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiDennis Rand - CIRT.DKZDI-06-052
HistoryDec 22, 2006 - 12:00 a.m.

Novell NetMail NMAP STOR Buffer Overflow Vulnerability

2006-12-2200:00:00
Dennis Rand - CIRT.DK
www.zerodayinitiative.com
10

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.896 High

EPSS

Percentile

98.7%

JSON

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Novell NetMail. Successful exploitation requires the attacker to successfully authenticate to the affected service. The specific flaw exists in NetMail’s implementation of the Network Messaging Application Protocol (NMAP). The NMAP server lacks bounds checking on parameters supplied to the STOR command, which can lead to an exploitable buffer overflow. The vulnerable daemon, nmapd.exe, binds to TCP port 689.

Related

checkpoint_advisories 2
packetstorm 1
cve 1
saint 4
cert 2
cvelist 1
zdi 1
securityvulns 2
checkpoint_advisories
checkpoint_advisories
Novell NetMail NMAP STOR Command Buffer Overflow (CVE-2006-6424)
2007-01-30 00:00:00
Novell NetMail IMAP Verb Literal Heap Overflow (CVE-2006-6424)
2007-04-01 00:00:00
packetstorm
packetstorm
Novell NetMail <= 3.52d NMAP STOR Buffer Overflow
2009-11-26 00:00:00
cve
cve
CVE-2006-6424
2006-12-27 01:28:00
saint
saint
Novell NetMail NMAP STOR command buffer overflow
2007-01-05 00:00:00
Novell NetMail NMAP STOR command buffer overflow
2007-01-05 00:00:00
Novell NetMail NMAP STOR command buffer overflow
2007-01-05 00:00:00
cert
cert
Novell NetMail IMAP vulnerable to buffer overflow when processing command continuation requests
2007-01-18 00:00:00
Novell NetMail NMAP vulnerable to buffer overflow when processing "STOR" commands
2007-01-17 00:00:00
cvelist
cvelist
CVE-2006-6424
2006-12-27 01:00:00
zdi
zdi
Novell NetMail IMAP Verb Literal Heap Overflow Vulnerability
2006-12-22 00:00:00
securityvulns
securityvulns
[Full-disclosure] ZDI-06-053: Novell NetMail IMAP Verb Literal Heap Overflow Vulnerability
2006-12-23 00:00:00
[Full-disclosure] ZDI-06-052: Novell NetMail NMAP STOR Buffer Overflow Vulnerability
2006-12-23 00:00:00

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.896 High

EPSS

Percentile

98.7%

JSON
Related for ZDI-06-052
checkpoint_advisories2packetstorm1cve1saint4cert2cvelist1zdi1securityvulns2