Novell NetMail NMAP STOR command buffer overflow

Added: 01/05/2007
CVE: CVE-2006-6424
BID: 21725
OSVDB: 31363

Background

Novell NetMail servers include the Network Messaging Application Protocol (NMAP) service, which listens on port 689/TCP.

Problem

A buffer overflow in Novell NetMail allows remote attackers to execute arbitrary commands by sending a specially crafted STOR command to the NMAP service.

Resolution

Apply the patch available from Novell.

References

http://www.securityfocus.com/archive/1/455201

Limitations

Exploit works on Novell NetMail 3.52e FTF1.

For the exploit to succeed, the address of the host running SAINTexploit must be present in the target server's trusted hosts list. (The trusted hosts list is available from the web interface running on port 89/TCP on the target server. Choose Internet Services -> Messaging Server -> NMAP Agent -> Trusted Hosts.)

Platforms

Windows

Back to exploit index