NetMail IMAP APPEND command buffer overflow

Added: 12/29/2006
CVE: CVE-2006-6425
BID: 21723
OSVDB: 31362

Background

Novell NetMail is an e-mail and calendaring server application.

Problem

A buffer overflow in the NetMail IMAP service allows remote, authenticated attackers to execute arbitrary commands by sending a long, specially crafted APPEND command.

Resolution

Apply NetMail 3.5.2e FTF2 for Linux, Netware, or Windows.

References

http://www.novell.com/support/search.do?cmd=displayKC&externalId=3096026&sliceId=SAL_Public
http://www.zerodayinitiative.com/advisories/ZDI-06-054.html

Limitations

Exploit works on NetMail 3.5.2 and requires the login and password of a valid IMAP account.

Platforms

Windows 2000
Windows XP

Back to exploit index