VID 12074
Severity 40
Port 143
Protocol TCP
Class IMAP
Detailed Description The Novell NetMail IMAP agent is vulnerable to a buffer overflow triggered by a long command tag. Novell NetMail is a freely available messaging system for Microsoft Windows, Linux, Unix, and NetWare operating systems. Novell NetMail versions prior to 3.52C are vulnerable to multiple buffer overflow vulnerabilities, which a remote attacker can exploit to execute arbitrary code on a vulnerable system.

1) An unspecified boundary error when processing a very large folder name during a folder rename through the WebAccess or WebMail client can cause a buffer overflow.
2) Unspecified boundary errors in the IMAP command continuation function and in the handling of long command tags in the IMAP agent can cause a heap-based buffer overflow.

* References:
http://support.novell.com/filefinder/19357/index.html
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971588.htm
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971590.htm
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971591.htm
http://secunia.com/advisories/15644/

* Platforms Affected:
Novell NetMail versions prior to 3.52C
Any operating system, any version
Recommendation Upgrade to the latest version of Novell NetMail (3.52C or later), as listed in Novell Technical Information Document TID 2971590 at http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971590.htm
Related URL CVE-2005-1757, CVE-2005-1758 (CVE)
Related URL 13926 (SecurityFocus)
Related URL 20946, 20947 (ISS)