Privacy and Legal Notice

CIAC INFORMATION BULLETIN

R-109: Security Vulnerabilities: Buffer Overrun in NetMail 3.52

[Novell Document 3096026]

January 18, 2007 18:00 GMT
PROBLEM: Existing version of NetMail 3.52 can be vulnerable to attack when the following buffers are overrun:
- User Authentication Buffer
- NMAP STOR Buffer
- IMAPD Pre-Auth Stack Buffer
- IMAPD Post-Auth Stack Buffer
PLATFORM: NetMail 3.52
DAMAGE: Could allow remote execution of code on the server running NetMail.
SOLUTION: Upgrade to the appropriate version.
VULNERABILITY
ASSESSMENT:		 The risk is MEDIUM. Could allow remote execution of code on the server running NetMail.
LINKS:  
  CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/r-109.shtml
  ORIGINAL BULLETIN: https://secure-support.novell.com/KanisaPlatform/Publishing/134/3096026_f.SAL_Public.html
   Novell 3096026
  CVE: CVE-2006-5478 CVE-2006-6424 CVE-2006-6425 
[***** Start Novell Document 3096026 *****]

Security Vulnerabilities: Buffer Overrun in NetMail 3.52

This document (3096026) is provided subject to the disclaimer at the end of this document.

environment

Novell NetMail 3.52

situation

Existing version of NetMail 3.52 can be vulnerable to attack when the following buffers are overrun.
-User Authentication Buffer
-NMAP STOR Buffer
-IMAPD Pre-Auth Stack Buffer
-IMAPD Post-Auth Stack Buffer

The vulnerability could allow remote execution of code on the server running NetMail.

resolution

This problem is resolved by applying NetMail 3.52e ftf 2

http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ftf2_lx.tgz
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ftf2_nw.zip
http://support.novell.com/servlet/downloadfile?file=/sec/pub/nm352e_ftf2_win.zip

status

Reported to Engineering
Security Alert

additional notes

Novell would like to thank an anonymous researcher working with TippingPoint (www.tippingpoint.com) and the Zero Day Initiative (www.zerodayintiative.com) for reporting the following issues.
 
ZDI-06-036 (Previously ZDI-CAN-076) - User  Authentication Buffer - This vulnerability has been assigned the identifier CVE-2006-5478 by the CVE database.
ZDI-06-053 (Previously ZDI-CAN-085) - IMAPD Pre-Auth Stack Buffer - This vulnerability has been assigned the identifier CVE-2006-6424 by the CVE database.
ZDI-06-054 (Previously ZDI-CAN-086) - IMAPD Post-Auth Stack Buffer - This vulnerability has been assigned the identifier CVE-2006-6425 by the CVE database.

Novell would like to thank Dennis Rand of CIRT.DK working with TippingPoint (www.tippingpoint.com) and the Zero Day Initiative (www.zerodayintiative.com) for reporting the following issue.

ZDI-06-052 (Previously ZDI-CAN-082) - NMAP STOR Buffer - This vulnerability has been assigned the identifier CVE-2006-6424 by the CVE database.

document

Document ID: 3096026
Creation Date: 2006-12-25 23:41:40.0
Modified Date: 2006-12-25 23:40:03.0
Novell Product: NetMail

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.




[***** End Novell Document 3096026 *****]
CIAC wishes to acknowledge the contributions of Novell for the information contained in this bulletin.
DOE-CIRC can be contacted at: 
    Voice:          +1 866-941-2472 (7 x 24)
    E-mail:          doecirc@doecirc.energy.gov
    World Wide Web:  http://www.doecirc.energy.gov/