Description: Two vulnerabilities have been reported in various Novell products, which can be exploited by malicious people to compromise a vulnerable system.
1) A boundary error exists in the HTTP Protocol Stack (httpstk) component of iMonitor within the "BuildRedirectURL()" function when processing "Host" HTTP headers. This can be exploited to cause a stack-based buffer overflow via a specially crafted request with an overly long "Host" header (more than 64 bytes).
2) A boundary error exists within the user authentication component of Netmail when processing usernames. This can be exploited to cause a stack-based buffer overflow via a specially crafted username.
Successful exploitation allows execution of arbitrary code.
The following products are affected by one or both of the vulnerabilities:
- Netmail 3.5.2
- Novell eDirectory 8.8.1
Provided and/or discovered by: Discovered independently by:
1) * Michael Ligh and Ryan Smith.
* Manuel Santamarina Suarez
2) Discovered by an anonymous person and reported by ZDI.
Changelog: 2006-10-27: Updated "Solution" section. Added additional information from ZDI. Added CVE reference.
2006-11-02: Updated "Description" section. Added additional information from ZDI and Novell.
2006-11-06: Added CVE reference.
2006-11-08: The vendor reports that the fix for the second vulnerability was by mistake not checked into the eDirectory codebase.
2006-12-23: Added information about Novell Netmail patch.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
