Lucene search

SAINT CorporationSAINT:C42129A8F4C39AAF6380D3605042FC96

HistoryMar 16, 2007 - 12:00 a.m.

NetMail WebAdmin username buffer overflow

2007-03-1600:00:00

SAINT Corporation

download.saintcorporation.com

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.942

Percentile

99.2%

JSON

Added: 03/16/2007
CVE: CVE-2007-1350
BID: 22857
OSVDB: 33886

Background

Novell NetMail WebAdmin is a web-based administration interface which runs an HTTP server on port 89/TCP.

Problem

A buffer overflow vulnerability in Novell NetMail WebAdmin allows remote attackers to execute arbitrary commands by sending a long username during HTTP Basic authentication.

Resolution

Download and install the NetMail 3.52E Update.

References

<http://www.zerodayinitiative.com/advisories/ZDI-07-009.html>

Limitations

Exploit works on Novell NetMail 3.52.

In order for the exploit to succeed, the total number of characters in the tree and context parameters must be correct.

Platforms

Windows 2000
Windows Server 2003 SP0
Windows Server 2003 SP1 / Windows Server 2003

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.942

Percentile

99.2%

JSON

Related for SAINT:C42129A8F4C39AAF6380D3605042FC96