Title: Novell NetMail Multiple Buffer Overflow Vulnerabilities
Severity: CRITICAL
Description:
Novell NetMail is a commercially available email and calendar system.
Novell NetMail is prone to multiple remotely exploitable buffer-overflow vulnerabilities because it fails to do proper bounds checking on a user-supplied input.
These issues affect the following binaries: nmapd, imapd, and webadmin.
The webadmin issue occurs during HTTP Basic authentication. A username of at least 213 bytes will trigger a stack-based buffer overflow when processed in a 'sprintf()' function call in 'webadmin.exe'.
Very little information is available on the remaining issues; this BID will be updated as more information becomes available.
A successful exploit could let a remote attacker execute arbitrary code in the context of the affected application.
Affected Products:
- Novell NetMail 3.52.0
- Novell NetMail 3.52.0 A
- Novell NetMail 3.52.0 B
- Novell NetMail 3.52.0 C
- Novell NetMail 3.52.0 C1
- Novell NetMail 3.52.0 D
- Novell NetMail 3.52e-ftfl
References:
- Novell: NetMail 3.52E Update
- Novell: NetMail Product Page
- US-CERT: Vulnerability Note VU#919369 Novell Netmail WebAdmin buffer overflow vulnerabili
- Zero Day Initiative: ZDI-07-009 Novell Netmail WebAdmin Buffer Overflow Vulnerability
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
