Vulnerabilities > CVE-2006-6761 - Buffer Overflow vulnerability in Novell Netmail 3.5.2

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
novell
exploit available
metasploit
NVD
Published: 2006-12-27
Updated: 2011-03-08

Summary

Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via a long argument to the SUBSCRIBE command. This vulnerability is addressed in the following product update: Novell, NetMail, 3.52e FTF2

Vulnerable Configurations

Part Description Count
Application
Novell
6

Exploit-Db

descriptionNovell NetMail. CVE-2006-6761. Remote exploit for windows platform
idEDB-ID:16478
last seen2016-02-01
modified2010-05-09
published2010-05-09
reportermetasploit
sourcehttps://www.exploit-db.com/download/16478/
titleNovell NetMail <= 3.52d IMAP SUBSCRIBE Buffer Overflow

Metasploit

descriptionThis module exploits a stack buffer overflow in Novell's NetMail 3.52 IMAP SUBSCRIBE verb. By sending an overly long string, an attacker can overwrite the buffer and control program execution.
idMSF:EXPLOIT/WINDOWS/IMAP/NOVELL_NETMAIL_SUBSCRIBE
last seen2020-03-09
modified2017-07-24
published2007-01-01
references
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/imap/novell_netmail_subscribe.rb
titleNovell NetMail IMAP SUBSCRIBE Buffer Overflow

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/82936/novell_netmail_subscribe.rb.txt
idPACKETSTORM:82936
last seen2016-12-05
published2009-10-30
reporterMC
sourcehttps://packetstormsecurity.com/files/82936/Novell-NetMail-3.52d-IMAP-SUBSCRIBE-Buffer-Overflow.html
titleNovell NetMail <= 3.52d IMAP SUBSCRIBE Buffer Overflow

References