CVE-2006-6425 – Novell NetMail IMAP APPEND Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2006-6425
Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command. Desbordamiento de búfer basado en pila en el demonio IMAP (IMAPD) de Novell NetMail anterior a 3.52e FTF2 permite a atacantes remotos autenticados ejecutar código de su elección mediante vectores no especificados que implican el parámetro APPEND. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Novell NetMail. Successful exploitation requires the attacker to successfully authenticate to the affected service. The specific flaw exists in the NetMail IMAP server's handling of the APPEND command. A lack of bounds checking on a specific parameter to this command can lead to a stack-based buffer overflow. • https://www.exploit-db.com/exploits/16488 http://secunia.com/advisories/23437 http://securityreason.com/securityalert/2080 http://securitytracker.com/id?1017437 http://www.kb.cert.org/vuls/id/258753 http://www.securityfocus.com/archive/1/455200/100/0/threaded http://www.securityfocus.com/bid/21723 http://www.vupen.com/english/advisories/2006/5134 http://www.zerodayinitiative.com/advisories/ZDI-06-054.html https://secure-support.novell.com/KanisaPlatform/Publishing/134/3096026_f •
CVE-2006-6424 – Novell NetMail IMAP Verb Literal Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2006-6424
Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow remote attackers to execute arbitrary code (1) by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow; and (2) via crafted arguments to the STOR command to the Network Messaging Application Protocol (NMAP) daemon, resulting in a stack overflow. Múltiples desbordamientos de búfer en Novell NetMail anterior a 3.52e FTF2 permiten a atacantes remotos ejecutar código de su elección (1) añadiendo literales a ciertos verbos IMAP cuando se especifican peticiones de continuación de comandos a IMAPD, resultando en un desbordamiento de montón; y (2) mediante argumentos manipulados del el comando STOR para el demonio del protocolo de aplicaciones de mensajería en red (Network Messaging Application Protocol o NMAP), resultando en un desbordamiento de pila. This vulnerability allows remote attackers to execute arbitrary code on affected versions of Novell NetMail. Authentication is not required to exploit this vulnerability. The specific flaw exists in the NetMail IMAP service, imapd.exe. The service does not sufficiently validate user-input length values when literals are appended to IMAP verbs to specify a command continuation request. • https://www.exploit-db.com/exploits/16813 http://secunia.com/advisories/23437 http://securityreason.com/securityalert/2081 http://securitytracker.com/id?1017437 http://www.cirt.dk/advisories/cirt-48-advisory.txt http://www.kb.cert.org/vuls/id/381161 http://www.kb.cert.org/vuls/id/912505 http://www.securityfocus.com/archive/1/455201/100/0/threaded http://www.securityfocus.com/archive/1/455202/100/0/threaded http://www.securityfocus.com/bid/21724 http://www.s •
CVE-2005-2176 – Novell NetMail 3.x - Automatic Script Execution
https://notcve.org/view.php?id=CVE-2005-2176
Novell NetMail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies. • https://www.exploit-db.com/exploits/25948 http://secunia.com/advisories/15962 http://securitytracker.com/id?1014439 http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972340.htm http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972433.htm http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972438.htm http://www.osvdb.org/17821 http://www.securityfocus.com/bid/14171 http://www.vupen.com/english/advisories/2005/0994 •