NetMail IMAP APPEND command buffer overflow
Added: 12/29/2006
CVE: CVE-2006-6425
BID: 21723
OSVDB: 31362
Background
Novell NetMail is an e-mail and calendaring server application.
Problem
A buffer overflow in the NetMail IMAP service allows remote, authenticated attackers to execute arbitrary commands by sending a long, specially crafted APPEND command.
Resolution
Apply NetMail 3.5.2e FTF2 for Linux, Netware, or Windows.
References
http://www.novell.com/support/search.do?cmd=displayKC&externalId=3096026&sliceId=SAL_Public
http://www.zerodayinitiative.com/advisories/ZDI-06-054.html
Limitations
Exploit works on NetMail 3.5.2 and requires the login and password of a valid IMAP account.
Platforms
Windows 2000
Windows XP