Secunia Security Advisory - Secunia research has discovered a vulnerability in Novell NetMail, which can be exploited by malicious people to compromise a vulnerable system.
TITLE:
Novell NetMail NMAP Agent "USER" Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA15925
VERIFY ADVISORY:
https://secunia.com/advisories/15925/
CRITICAL:
Less critical
IMPACT:
System access
WHERE:
From local network
SOFTWARE:
Novell NetMail 3.x
https://secunia.com/product/1530/
DESCRIPTION:
Secunia research has discovered a vulnerability in Novell NetMail,
which can be exploited by malicious people to compromise a vulnerable
system.
The vulnerability is caused by a boundary error in the NMAP
(Network Messaging Application Protocol) Agent when handling an
overly long user name in the "USER" command. This can be exploited to
cause a stack-based buffer overflow, which allows arbitrary code
execution.
Successful exploitation requires a valid logon to the NMAP Agent (e.g.
if the default NMAP authentication credential has not been changed).
For more information:
SA13377
The vulnerability has been confirmed in version 3.52C. Prior versions
may also be affected.
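The kind of boundary check whose absence the description refers to, as an added example (not Novell's code and not part of the Secunia advisory): a handler that measures the user name in a "USER" line before copying it into a fixed buffer. The function name, return codes, the 64-byte limit and the printable-ASCII rule are assumptions; the advisory states neither the buffer size nor the command grammar.

```c
#include <stddef.h>
#include <string.h>

/* Assumed limit for this example; the advisory does not give the real size. */
#define MAX_USER_LEN 64

enum user_rc { USER_OK = 0, USER_BAD_ARG = -1, USER_BAD_VERB = -2,
               USER_EMPTY = -3, USER_TOO_LONG = -4, USER_BAD_CHAR = -5 };

/*
 * Parse one "USER <name>" command line into out[out_sz].
 * The name is measured before anything is copied, so an overly long
 * name is rejected instead of being written past the end of the buffer.
 * On any error out is left as an empty string.
 */
int parse_user_command(const char *line, char *out, size_t out_sz)
{
    static const char verb[] = "USER ";
    const size_t vlen = sizeof(verb) - 1;
    size_t n, i;

    if (line == NULL || out == NULL || out_sz == 0)
        return USER_BAD_ARG;
    out[0] = '\0';
    if (strncmp(line, verb, vlen) != 0)
        return USER_BAD_VERB;

    line += vlen;
    n = strcspn(line, "\r\n");            /* name ends at CR/LF or end of string */
    if (n == 0)
        return USER_EMPTY;
    if (n > MAX_USER_LEN || n >= out_sz)  /* keep room for the terminating NUL */
        return USER_TOO_LONG;

    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)line[i];
        if (c < 0x21 || c > 0x7e)         /* printable, non-space ASCII only */
            return USER_BAD_CHAR;
    }
    memcpy(out, line, n);                 /* n was checked against both limits */
    out[n] = '\0';
    return USER_OK;
}
```

The check compares the measured length against both the protocol limit and the caller's buffer size, so the copy stays in bounds even if a caller passes a buffer smaller than MAX_USER_LEN + 1.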
SOLUTION:
Update to version 3.52D.
NetWare:
https://support.novell.com/servlet/filedownload/pub/netmail352d_nw.zip
Windows:
https://support.novell.com/servlet/filedownload/pub/netmail352d_win.zip
Linux:
https://support.novell.com/servlet/filedownload/sec/pub/netmail352d_lin.tgz
PROVIDED AND/OR DISCOVERED BY:
Tan Chew Keong, Secunia Research.
ORIGINAL ADVISORY:
Novell:
https://support.novell.com/cgi-bin/search/searchtid.cgi?/2972433.htm
https://support.novell.com/cgi-bin/search/searchtid.cgi?/2972438.htm
https://support.novell.com/cgi-bin/search/searchtid.cgi?/2972340.htm
Secunia Research:
https://secunia.com/secunia_research/2005-23/advisory/
OTHER REFERENCES:
SA13377:
https://secunia.com/advisories/13377/