Added: 12/29/2006
CVE: CVE-2006-6425
BID: 21723
OSVDB: 31362
Novell NetMail is an e-mail and calendaring server application.
A buffer overflow in the NetMail IMAP service allows remote, authenticated attackers to execute arbitrary commands by sending a long, specially crafted APPEND command.
Apply NetMail 3.5.2e FTF2 for Linux, Netware, or Windows.
[http://www.novell.com/support/search.do?cmd=displayKC&externalId=3096026&sliceId=SAL_Public ](<http://www.novell.com/support/search.do?cmd=displayKC&externalId=3096026&sliceId=SAL_Public
>)
<http://www.zerodayinitiative.com/advisories/ZDI-06-054.html>
Exploit works on NetMail 3.5.2 and requires the login and password of a valid IMAP account.
Windows 2000
Windows XP