Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:87770887E4113C65102E0C70360F87A9
HistoryJan 05, 2007 - 12:00 a.m.

Novell NetMail NMAP STOR command buffer overflow

2007-01-0500:00:00
SAINT Corporation
download.saintcorporation.com
14

EPSS

0.892

Percentile

98.8%

JSON

Added: 01/05/2007
CVE: CVE-2006-6424
BID: 21725
OSVDB: 31363

Background

Novell NetMail servers include the Network Messaging Application Protocol (NMAP) service, which listens on port 689/TCP.

Problem

A buffer overflow in Novell NetMail allows remote attackers to execute arbitrary commands by sending a specially crafted **STOR** command to the NMAP service.

Resolution

Apply the patch available from Novell.

References

<http://www.securityfocus.com/archive/1/455201&gt;

Limitations

Exploit works on Novell NetMail 3.52e FTF1.

For the exploit to succeed, the address of the host running SAINTexploit must be present in the target server’s trusted hosts list. (The trusted hosts list is available from the web interface running on port 89/TCP on the target server. Choose Internet Services -> Messaging Server -> NMAP Agent -> Trusted Hosts.)

Platforms

Windows

Related

cert 2
saint 3
checkpoint_advisories 2
metasploit 1
nvd 1
zdi 2
packetstorm 1
cvelist 1
cve 1
securityvulns 2
exploitdb 1
cert
cert
Novell NetMail NMAP vulnerable to buffer overflow when processing "STOR" commands
2007-01-17 00:00:00
Novell NetMail IMAP vulnerable to buffer overflow when processing command continuation requests
2007-01-18 00:00:00
saint
saint
Novell NetMail NMAP STOR command buffer overflow
2007-01-05 00:00:00
Novell NetMail NMAP STOR command buffer overflow
2007-01-05 00:00:00
Novell NetMail NMAP STOR command buffer overflow
2007-01-05 00:00:00
checkpoint_advisories
checkpoint_advisories
Novell NetMail IMAP Verb Literal Heap Overflow (CVE-2006-6424)
2007-04-01 00:00:00
Novell NetMail NMAP STOR Command Buffer Overflow (CVE-2006-6424)
2007-01-30 00:00:00
metasploit
metasploit
Novell NetMail NMAP STOR Buffer Overflow
2007-03-01 12:44:47
nvd
nvd
CVE-2006-6424
2006-12-27 01:28:00
zdi
zdi
Novell NetMail NMAP STOR Buffer Overflow Vulnerability
2006-12-22 00:00:00
Novell NetMail IMAP Verb Literal Heap Overflow Vulnerability
2006-12-22 00:00:00
packetstorm
packetstorm
Novell NetMail <= 3.52d NMAP STOR Buffer Overflow
2009-11-26 00:00:00
cvelist
cvelist
CVE-2006-6424
2006-12-27 01:00:00
cve
cve
CVE-2006-6424
2006-12-27 01:28:00
securityvulns
securityvulns
[Full-disclosure] ZDI-06-053: Novell NetMail IMAP Verb Literal Heap Overflow Vulnerability
2006-12-23 00:00:00
[Full-disclosure] ZDI-06-052: Novell NetMail NMAP STOR Buffer Overflow Vulnerability
2006-12-23 00:00:00
exploitdb
exploitdb
Novell NetMail 3.52d - NMAP STOR Buffer Overflow (Metasploit)
2010-05-09 00:00:00

EPSS

0.892

Percentile

98.8%

JSON
Related for SAINT:87770887E4113C65102E0C70360F87A9
cert2saint3checkpoint_advisories2metasploit1nvd1zdi2packetstorm1cvelist1cve1securityvulns2exploitdb1